projects / openwrt / staging / dedeckeh.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
ipset: add support for hash(ip,mac)
[openwrt/staging/dedeckeh.git] / package / kernel / linux / modules / netfilter.mk
1
2 #
3 # Copyright (C) 2006-2010 OpenWrt.org
4 #
5 # This is free software, licensed under the GNU General Public License v2.
6 # See /LICENSE for more information.
7 #
8
9 NF_MENU:=Netfilter Extensions
10 NF_KMOD:=1
11 include $(INCLUDE_DIR)/netfilter.mk
12
13
14 define KernelPackage/nf-reject
15 SUBMENU:=$(NF_MENU)
16 TITLE:=Netfilter IPv4 reject support
17 KCONFIG:= \
18 CONFIG_NETFILTER=y \
19 CONFIG_NETFILTER_ADVANCED=y \
20 $(KCONFIG_NF_REJECT)
21 FILES:=$(foreach mod,$(NF_REJECT-m),$(LINUX_DIR)/net/$(mod).ko)
22 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_REJECT-m)))
23 endef
24
25 $(eval $(call KernelPackage,nf-reject))
26
27
28 define KernelPackage/nf-reject6
29 SUBMENU:=$(NF_MENU)
30 TITLE:=Netfilter IPv6 reject support
31 KCONFIG:= \
32 CONFIG_NETFILTER=y \
33 CONFIG_NETFILTER_ADVANCED=y \
34 $(KCONFIG_NF_REJECT6)
35 DEPENDS:=@IPV6
36 FILES:=$(foreach mod,$(NF_REJECT6-m),$(LINUX_DIR)/net/$(mod).ko)
37 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_REJECT6-m)))
38 endef
39
40 $(eval $(call KernelPackage,nf-reject6))
41
42
43 define KernelPackage/nf-ipt
44 SUBMENU:=$(NF_MENU)
45 TITLE:=Iptables core
46 KCONFIG:=$(KCONFIG_NF_IPT)
47 FILES:=$(foreach mod,$(NF_IPT-m),$(LINUX_DIR)/net/$(mod).ko)
48 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_IPT-m)))
49 endef
50
51 $(eval $(call KernelPackage,nf-ipt))
52
53
54 define KernelPackage/nf-ipt6
55 SUBMENU:=$(NF_MENU)
56 TITLE:=Ip6tables core
57 KCONFIG:=$(KCONFIG_NF_IPT6)
58 FILES:=$(foreach mod,$(NF_IPT6-m),$(LINUX_DIR)/net/$(mod).ko)
59 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_IPT6-m)))
60 DEPENDS:=+kmod-nf-ipt
61 endef
62
63 $(eval $(call KernelPackage,nf-ipt6))
64
65
66
67 define KernelPackage/ipt-core
68 SUBMENU:=$(NF_MENU)
69 TITLE:=Iptables core
70 KCONFIG:=$(KCONFIG_IPT_CORE)
71 FILES:=$(foreach mod,$(IPT_CORE-m),$(LINUX_DIR)/net/$(mod).ko)
72 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CORE-m)))
73 DEPENDS:=+kmod-nf-reject +kmod-nf-ipt
74 endef
75
76 define KernelPackage/ipt-core/description
77 Netfilter core kernel modules
78 Includes:
79 - comment
80 - limit
81 - LOG
82 - mac
83 - multiport
84 - REJECT
85 - TCPMSS
86 endef
87
88 $(eval $(call KernelPackage,ipt-core))
89
90
91 define KernelPackage/nf-conntrack
92 SUBMENU:=$(NF_MENU)
93 TITLE:=Netfilter connection tracking
94 KCONFIG:= \
95 CONFIG_NETFILTER=y \
96 CONFIG_NETFILTER_ADVANCED=y \
97 CONFIG_NF_CONNTRACK_MARK=y \
98 CONFIG_NF_CONNTRACK_ZONES=y \
99 $(KCONFIG_NF_CONNTRACK)
100 FILES:=$(foreach mod,$(NF_CONNTRACK-m),$(LINUX_DIR)/net/$(mod).ko)
101 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_CONNTRACK-m)))
102 endef
103
104 define KernelPackage/nf-conntrack/install
105 $(INSTALL_DIR) $(1)/etc/sysctl.d
106 $(INSTALL_DATA) ./files/sysctl-nf-conntrack.conf $(1)/etc/sysctl.d/11-nf-conntrack.conf
107 endef
108
109 $(eval $(call KernelPackage,nf-conntrack))
110
111
112 define KernelPackage/nf-conntrack6
113 SUBMENU:=$(NF_MENU)
114 TITLE:=Netfilter IPv6 connection tracking
115 KCONFIG:=$(KCONFIG_NF_CONNTRACK6)
116 DEPENDS:=@IPV6 +kmod-nf-conntrack
117 FILES:=$(foreach mod,$(NF_CONNTRACK6-m),$(LINUX_DIR)/net/$(mod).ko)
118 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_CONNTRACK6-m)))
119 endef
120
121 $(eval $(call KernelPackage,nf-conntrack6))
122
123
124 define KernelPackage/nf-nat
125 SUBMENU:=$(NF_MENU)
126 TITLE:=Netfilter NAT
127 KCONFIG:=$(KCONFIG_NF_NAT)
128 DEPENDS:=+kmod-nf-conntrack
129 FILES:=$(foreach mod,$(NF_NAT-m),$(LINUX_DIR)/net/$(mod).ko)
130 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NAT-m)))
131 endef
132
133 $(eval $(call KernelPackage,nf-nat))
134
135
136 define KernelPackage/nf-nat6
137 SUBMENU:=$(NF_MENU)
138 TITLE:=Netfilter IPV6-NAT
139 KCONFIG:=$(KCONFIG_NF_NAT6)
140 DEPENDS:=+kmod-nf-conntrack6 +kmod-nf-nat
141 FILES:=$(foreach mod,$(NF_NAT6-m),$(LINUX_DIR)/net/$(mod).ko)
142 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NAT6-m)))
143 endef
144
145 $(eval $(call KernelPackage,nf-nat6))
146
147
148 define KernelPackage/nf-flow
149 SUBMENU:=$(NF_MENU)
150 TITLE:=Netfilter flowtable support
151 KCONFIG:= \
152 CONFIG_NETFILTER_INGRESS=y \
153 CONFIG_NF_FLOW_TABLE \
154 CONFIG_NF_FLOW_TABLE_HW
155 DEPENDS:=+kmod-nf-conntrack @!LINUX_3_18 @!LINUX_4_9
156 FILES:= \
157 $(LINUX_DIR)/net/netfilter/nf_flow_table.ko \
158 $(LINUX_DIR)/net/netfilter/nf_flow_table_hw.ko
159 AUTOLOAD:=$(call AutoProbe,nf_flow_table nf_flow_table_hw)
160 endef
161
162 $(eval $(call KernelPackage,nf-flow))
163
164
165 define AddDepends/ipt
166 SUBMENU:=$(NF_MENU)
167 DEPENDS+= +kmod-ipt-core $(1)
168 endef
169
170
171 define KernelPackage/ipt-conntrack
172 TITLE:=Basic connection tracking modules
173 KCONFIG:=$(KCONFIG_IPT_CONNTRACK)
174 FILES:=$(foreach mod,$(IPT_CONNTRACK-m),$(LINUX_DIR)/net/$(mod).ko)
175 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CONNTRACK-m)))
176 $(call AddDepends/ipt,+kmod-nf-conntrack)
177 endef
178
179 define KernelPackage/ipt-conntrack/description
180 Netfilter (IPv4) kernel modules for connection tracking
181 Includes:
182 - conntrack
183 - defrag
184 - iptables_raw
185 - NOTRACK
186 - state
187 endef
188
189 $(eval $(call KernelPackage,ipt-conntrack))
190
191
192 define KernelPackage/ipt-conntrack-extra
193 TITLE:=Extra connection tracking modules
194 KCONFIG:=$(KCONFIG_IPT_CONNTRACK_EXTRA)
195 FILES:=$(foreach mod,$(IPT_CONNTRACK_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
196 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CONNTRACK_EXTRA-m)))
197 $(call AddDepends/ipt,+kmod-ipt-conntrack)
198 endef
199
200 define KernelPackage/ipt-conntrack-extra/description
201 Netfilter (IPv4) extra kernel modules for connection tracking
202 Includes:
203 - connbytes
204 - connmark/CONNMARK
205 - conntrack
206 - helper
207 - recent
208 endef
209
210 $(eval $(call KernelPackage,ipt-conntrack-extra))
211
212 define KernelPackage/ipt-conntrack-label
213 TITLE:=Module for handling connection tracking labels
214 KCONFIG:=$(KCONFIG_IPT_CONNTRACK_LABEL)
215 FILES:=$(foreach mod,$(IPT_CONNTRACK_LABEL-m),$(LINUX_DIR)/net/$(mod).ko)
216 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CONNTRACK_LABEL-m)))
217 $(call AddDepends/ipt,+kmod-ipt-conntrack)
218 endef
219
220 define KernelPackage/ipt-conntrack-label/description
221 Netfilter (IPv4) module for handling connection tracking labels
222 Includes:
223 - connlabel
224 endef
225
226 $(eval $(call KernelPackage,ipt-conntrack-label))
227
228 define KernelPackage/ipt-filter
229 TITLE:=Modules for packet content inspection
230 KCONFIG:=$(KCONFIG_IPT_FILTER)
231 FILES:=$(foreach mod,$(IPT_FILTER-m),$(LINUX_DIR)/net/$(mod).ko)
232 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_FILTER-m)))
233 $(call AddDepends/ipt,+kmod-lib-textsearch +kmod-ipt-conntrack)
234 endef
235
236 define KernelPackage/ipt-filter/description
237 Netfilter (IPv4) kernel modules for packet content inspection
238 Includes:
239 - string
240 - bpf
241 endef
242
243 $(eval $(call KernelPackage,ipt-filter))
244
245
246 define KernelPackage/ipt-offload
247 TITLE:=Netfilter routing/NAT offload support
248 KCONFIG:=CONFIG_NETFILTER_XT_TARGET_FLOWOFFLOAD
249 FILES:=$(foreach mod,$(IPT_FLOW-m),$(LINUX_DIR)/net/$(mod).ko)
250 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_FLOW-m)))
251 $(call AddDepends/ipt,+kmod-nf-flow)
252 endef
253
254 $(eval $(call KernelPackage,ipt-offload))
255
256
257 define KernelPackage/ipt-ipopt
258 TITLE:=Modules for matching/changing IP packet options
259 KCONFIG:=$(KCONFIG_IPT_IPOPT)
260 FILES:=$(foreach mod,$(IPT_IPOPT-m),$(LINUX_DIR)/net/$(mod).ko)
261 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_IPOPT-m)))
262 $(call AddDepends/ipt)
263 endef
264
265 define KernelPackage/ipt-ipopt/description
266 Netfilter (IPv4) modules for matching/changing IP packet options
267 Includes:
268 - CLASSIFY
269 - dscp/DSCP
270 - ecn/ECN
271 - hl/HL
272 - length
273 - mark/MARK
274 - statistic
275 - tcpmss
276 - time
277 - ttl/TTL
278 - unclean
279 endef
280
281 $(eval $(call KernelPackage,ipt-ipopt))
282
283
284 define KernelPackage/ipt-ipsec
285 TITLE:=Modules for matching IPSec packets
286 KCONFIG:=$(KCONFIG_IPT_IPSEC)
287 FILES:=$(foreach mod,$(IPT_IPSEC-m),$(LINUX_DIR)/net/$(mod).ko)
288 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_IPSEC-m)))
289 $(call AddDepends/ipt)
290 endef
291
292 define KernelPackage/ipt-ipsec/description
293 Netfilter (IPv4) modules for matching IPSec packets
294 Includes:
295 - ah
296 - esp
297 - policy
298 endef
299
300 $(eval $(call KernelPackage,ipt-ipsec))
301
302 IPSET_MODULES:= \
303 ipset/ip_set \
304 ipset/ip_set_bitmap_ip \
305 ipset/ip_set_bitmap_ipmac \
306 ipset/ip_set_bitmap_port \
307 ipset/ip_set_hash_ip \
308 ipset/ip_set_hash_ipmark \
309 ipset/ip_set_hash_ipport \
310 ipset/ip_set_hash_ipportip \
311 ipset/ip_set_hash_ipportnet \
312 ipset/ip_set_hash_mac \
313 ipset/ip_set_hash_netportnet \
314 ipset/ip_set_hash_net \
315 ipset/ip_set_hash_netnet \
316 ipset/ip_set_hash_netport \
317 ipset/ip_set_hash_netiface \
318 ipset/ip_set_list_set \
319 xt_set
320
321 define KernelPackage/ipt-ipset
322 SUBMENU:=Netfilter Extensions
323 TITLE:=IPset netfilter modules
324 DEPENDS+= +kmod-ipt-core +kmod-nfnetlink
325 KCONFIG:= \
326 CONFIG_IP_SET \
327 CONFIG_IP_SET_MAX=256 \
328 CONFIG_NETFILTER_XT_SET \
329 CONFIG_IP_SET_BITMAP_IP \
330 CONFIG_IP_SET_BITMAP_IPMAC \
331 CONFIG_IP_SET_BITMAP_PORT \
332 CONFIG_IP_SET_HASH_IP \
333 CONFIG_IP_SET_HASH_IPMAC \
334 CONFIG_IP_SET_HASH_IPMARK \
335 CONFIG_IP_SET_HASH_IPPORT \
336 CONFIG_IP_SET_HASH_IPPORTIP \
337 CONFIG_IP_SET_HASH_IPPORTNET \
338 CONFIG_IP_SET_HASH_MAC \
339 CONFIG_IP_SET_HASH_NET \
340 CONFIG_IP_SET_HASH_NETNET \
341 CONFIG_IP_SET_HASH_NETIFACE \
342 CONFIG_IP_SET_HASH_NETPORT \
343 CONFIG_IP_SET_HASH_NETPORTNET \
344 CONFIG_IP_SET_LIST_SET \
345 CONFIG_NET_EMATCH_IPSET=n
346 FILES:=$(foreach mod,$(IPSET_MODULES),$(LINUX_DIR)/net/netfilter/$(mod).ko)
347 AUTOLOAD:=$(call AutoLoad,49,$(notdir $(IPSET_MODULES)))
348 endef
349 $(eval $(call KernelPackage,ipt-ipset))
350
351
352 IPVS_MODULES:= \
353 ipvs/ip_vs \
354 ipvs/ip_vs_lc \
355 ipvs/ip_vs_wlc \
356 ipvs/ip_vs_rr \
357 ipvs/ip_vs_wrr \
358 ipvs/ip_vs_lblc \
359 ipvs/ip_vs_lblcr \
360 ipvs/ip_vs_dh \
361 ipvs/ip_vs_sh \
362 ipvs/ip_vs_fo \
363 ipvs/ip_vs_ovf \
364 ipvs/ip_vs_nq \
365 ipvs/ip_vs_sed \
366 xt_ipvs
367
368 define KernelPackage/nf-ipvs
369 SUBMENU:=Netfilter Extensions
370 TITLE:=IP Virtual Server modules
371 DEPENDS:=@IPV6 +kmod-lib-crc32c +kmod-ipt-conntrack +kmod-nf-conntrack
372 KCONFIG:= \
373 CONFIG_IP_VS \
374 CONFIG_IP_VS_IPV6=y \
375 CONFIG_IP_VS_DEBUG=n \
376 CONFIG_IP_VS_PROTO_TCP=y \
377 CONFIG_IP_VS_PROTO_UDP=y \
378 CONFIG_IP_VS_PROTO_AH_ESP=y \
379 CONFIG_IP_VS_PROTO_ESP=y \
380 CONFIG_IP_VS_PROTO_AH=y \
381 CONFIG_IP_VS_PROTO_SCTP=y \
382 CONFIG_IP_VS_TAB_BITS=12 \
383 CONFIG_IP_VS_RR \
384 CONFIG_IP_VS_WRR \
385 CONFIG_IP_VS_LC \
386 CONFIG_IP_VS_WLC \
387 CONFIG_IP_VS_FO \
388 CONFIG_IP_VS_OVF \
389 CONFIG_IP_VS_LBLC \
390 CONFIG_IP_VS_LBLCR \
391 CONFIG_IP_VS_DH \
392 CONFIG_IP_VS_SH \
393 CONFIG_IP_VS_SED \
394 CONFIG_IP_VS_NQ \
395 CONFIG_IP_VS_SH_TAB_BITS=8 \
396 CONFIG_IP_VS_NFCT=y \
397 CONFIG_NETFILTER_XT_MATCH_IPVS
398 FILES:=$(foreach mod,$(IPVS_MODULES),$(LINUX_DIR)/net/netfilter/$(mod).ko)
399 $(call AddDepends/ipt,+kmod-ipt-conntrack,+kmod-nf-conntrack)
400 endef
401
402 define KernelPackage/nf-ipvs/description
403 IPVS (IP Virtual Server) implements transport-layer load balancing inside
404 the Linux kernel so called Layer-4 switching.
405 endef
406
407 $(eval $(call KernelPackage,nf-ipvs))
408
409
410 define KernelPackage/nf-ipvs-ftp
411 SUBMENU:=$(NF_MENU)
412 TITLE:=Virtual Server FTP protocol support
413 KCONFIG:=CONFIG_IP_VS_FTP
414 DEPENDS:=kmod-nf-ipvs +kmod-nf-nat +kmod-nf-nathelper
415 FILES:=$(LINUX_DIR)/net/netfilter/ipvs/ip_vs_ftp.ko
416 endef
417
418 define KernelPackage/nf-ipvs-ftp/description
419 In the virtual server via Network Address Translation,
420 the IP address and port number of real servers cannot be sent to
421 clients in ftp connections directly, so FTP protocol helper is
422 required for tracking the connection and mangling it back to that of
423 virtual service.
424 endef
425
426 $(eval $(call KernelPackage,nf-ipvs-ftp))
427
428
429 define KernelPackage/nf-ipvs-sip
430 SUBMENU:=$(NF_MENU)
431 TITLE:=Virtual Server SIP protocol support
432 KCONFIG:=CONFIG_IP_VS_PE_SIP
433 DEPENDS:=kmod-nf-ipvs +kmod-nf-nathelper-extra
434 FILES:=$(LINUX_DIR)/net/netfilter/ipvs/ip_vs_pe_sip.ko
435 endef
436
437 define KernelPackage/nf-ipvs-sip/description
438 Allow persistence based on the SIP Call-ID
439 endef
440
441 $(eval $(call KernelPackage,nf-ipvs-sip))
442
443
444 define KernelPackage/ipt-nat
445 TITLE:=Basic NAT targets
446 KCONFIG:=$(KCONFIG_IPT_NAT)
447 FILES:=$(foreach mod,$(IPT_NAT-m),$(LINUX_DIR)/net/$(mod).ko)
448 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NAT-m)))
449 $(call AddDepends/ipt,+kmod-nf-nat)
450 endef
451
452 define KernelPackage/ipt-nat/description
453 Netfilter (IPv4) kernel modules for basic NAT targets
454 Includes:
455 - MASQUERADE
456 endef
457
458 $(eval $(call KernelPackage,ipt-nat))
459
460
461 define KernelPackage/ipt-raw
462 TITLE:=Netfilter IPv4 raw table support
463 KCONFIG:=CONFIG_IP_NF_RAW
464 FILES:=$(LINUX_DIR)/net/ipv4/netfilter/iptable_raw.ko
465 AUTOLOAD:=$(call AutoProbe,iptable_raw)
466 $(call AddDepends/ipt)
467 endef
468
469 $(eval $(call KernelPackage,ipt-raw))
470
471
472 define KernelPackage/ipt-raw6
473 TITLE:=Netfilter IPv6 raw table support
474 KCONFIG:=CONFIG_IP6_NF_RAW
475 FILES:=$(LINUX_DIR)/net/ipv6/netfilter/ip6table_raw.ko
476 AUTOLOAD:=$(call AutoProbe,ip6table_raw)
477 $(call AddDepends/ipt,+kmod-ip6tables)
478 endef
479
480 $(eval $(call KernelPackage,ipt-raw6))
481
482
483 define KernelPackage/ipt-nat6
484 TITLE:=IPv6 NAT targets
485 KCONFIG:=$(KCONFIG_IPT_NAT6)
486 FILES:=$(foreach mod,$(IPT_NAT6-m),$(LINUX_DIR)/net/$(mod).ko)
487 AUTOLOAD:=$(call AutoLoad,43,$(notdir $(IPT_NAT6-m)))
488 $(call AddDepends/ipt,+kmod-nf-nat6)
489 $(call AddDepends/ipt,+kmod-ipt-conntrack)
490 $(call AddDepends/ipt,+kmod-ipt-nat)
491 $(call AddDepends/ipt,+kmod-ip6tables)
492 endef
493
494 define KernelPackage/ipt-nat6/description
495 Netfilter (IPv6) kernel modules for NAT targets
496 endef
497
498 $(eval $(call KernelPackage,ipt-nat6))
499
500
501 define KernelPackage/ipt-nat-extra
502 TITLE:=Extra NAT targets
503 KCONFIG:=$(KCONFIG_IPT_NAT_EXTRA)
504 FILES:=$(foreach mod,$(IPT_NAT_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
505 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NAT_EXTRA-m)))
506 $(call AddDepends/ipt,+kmod-ipt-nat)
507 endef
508
509 define KernelPackage/ipt-nat-extra/description
510 Netfilter (IPv4) kernel modules for extra NAT targets
511 Includes:
512 - NETMAP
513 - REDIRECT
514 endef
515
516 $(eval $(call KernelPackage,ipt-nat-extra))
517
518
519 define KernelPackage/nf-nathelper
520 SUBMENU:=$(NF_MENU)
521 TITLE:=Basic Conntrack and NAT helpers
522 KCONFIG:=$(KCONFIG_NF_NATHELPER)
523 FILES:=$(foreach mod,$(NF_NATHELPER-m),$(LINUX_DIR)/net/$(mod).ko)
524 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NATHELPER-m)))
525 DEPENDS:=+kmod-nf-nat
526 endef
527
528 define KernelPackage/nf-nathelper/description
529 Default Netfilter (IPv4) Conntrack and NAT helpers
530 Includes:
531 - ftp
532 endef
533
534 $(eval $(call KernelPackage,nf-nathelper))
535
536
537 define KernelPackage/nf-nathelper-extra
538 SUBMENU:=$(NF_MENU)
539 TITLE:=Extra Conntrack and NAT helpers
540 KCONFIG:=$(KCONFIG_NF_NATHELPER_EXTRA)
541 FILES:=$(foreach mod,$(NF_NATHELPER_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
542 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NATHELPER_EXTRA-m)))
543 DEPENDS:=+kmod-nf-nat +kmod-lib-textsearch +kmod-ipt-raw +LINUX_4_19:kmod-asn1-decoder
544 endef
545
546 define KernelPackage/nf-nathelper-extra/description
547 Extra Netfilter (IPv4) Conntrack and NAT helpers
548 Includes:
549 - amanda
550 - h323
551 - irc
552 - mms
553 - pptp
554 - proto_gre
555 - sip
556 - snmp_basic
557 - tftp
558 - broadcast
559 endef
560
561 $(eval $(call KernelPackage,nf-nathelper-extra))
562
563
564 define KernelPackage/ipt-ulog
565 TITLE:=Module for user-space packet logging
566 KCONFIG:=$(KCONFIG_IPT_ULOG)
567 FILES:=$(foreach mod,$(IPT_ULOG-m),$(LINUX_DIR)/net/$(mod).ko)
568 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_ULOG-m)))
569 $(call AddDepends/ipt)
570 endef
571
572 define KernelPackage/ipt-ulog/description
573 Netfilter (IPv4) module for user-space packet logging
574 Includes:
575 - ULOG
576 endef
577
578 $(eval $(call KernelPackage,ipt-ulog))
579
580
581 define KernelPackage/ipt-nflog
582 TITLE:=Module for user-space packet logging
583 KCONFIG:=$(KCONFIG_IPT_NFLOG)
584 FILES:=$(foreach mod,$(IPT_NFLOG-m),$(LINUX_DIR)/net/$(mod).ko)
585 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NFLOG-m)))
586 $(call AddDepends/ipt,+kmod-nfnetlink-log)
587 endef
588
589 define KernelPackage/ipt-nflog/description
590 Netfilter module for user-space packet logging
591 Includes:
592 - NFLOG
593 endef
594
595 $(eval $(call KernelPackage,ipt-nflog))
596
597
598 define KernelPackage/ipt-nfqueue
599 TITLE:=Module for user-space packet queuing
600 KCONFIG:=$(KCONFIG_IPT_NFQUEUE)
601 FILES:=$(foreach mod,$(IPT_NFQUEUE-m),$(LINUX_DIR)/net/$(mod).ko)
602 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NFQUEUE-m)))
603 $(call AddDepends/ipt,+kmod-nfnetlink-queue)
604 endef
605
606 define KernelPackage/ipt-nfqueue/description
607 Netfilter module for user-space packet queuing
608 Includes:
609 - NFQUEUE
610 endef
611
612 $(eval $(call KernelPackage,ipt-nfqueue))
613
614
615 define KernelPackage/ipt-debug
616 TITLE:=Module for debugging/development
617 KCONFIG:=$(KCONFIG_IPT_DEBUG)
618 FILES:=$(foreach mod,$(IPT_DEBUG-m),$(LINUX_DIR)/net/$(mod).ko)
619 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_DEBUG-m)))
620 $(call AddDepends/ipt,+kmod-ipt-raw +IPV6:kmod-ipt-raw6)
621 endef
622
623 define KernelPackage/ipt-debug/description
624 Netfilter modules for debugging/development of the firewall
625 Includes:
626 - TRACE
627 endef
628
629 $(eval $(call KernelPackage,ipt-debug))
630
631
632 define KernelPackage/ipt-led
633 TITLE:=Module to trigger a LED with a Netfilter rule
634 KCONFIG:=$(KCONFIG_IPT_LED)
635 FILES:=$(foreach mod,$(IPT_LED-m),$(LINUX_DIR)/net/$(mod).ko)
636 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_LED-m)))
637 $(call AddDepends/ipt)
638 endef
639
640 define KernelPackage/ipt-led/description
641 Netfilter target to trigger a LED when a network packet is matched.
642 endef
643
644 $(eval $(call KernelPackage,ipt-led))
645
646 define KernelPackage/ipt-tproxy
647 TITLE:=Transparent proxying support
648 DEPENDS+=+kmod-ipt-conntrack +IPV6:kmod-nf-conntrack6 +IPV6:kmod-ip6tables
649 KCONFIG:= \
650 CONFIG_NETFILTER_XT_MATCH_SOCKET \
651 CONFIG_NETFILTER_XT_TARGET_TPROXY
652 FILES:= \
653 $(foreach mod,$(IPT_TPROXY-m),$(LINUX_DIR)/net/$(mod).ko)
654 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_TPROXY-m)))
655 $(call AddDepends/ipt)
656 endef
657
658 define KernelPackage/ipt-tproxy/description
659 Kernel modules for Transparent Proxying
660 endef
661
662 $(eval $(call KernelPackage,ipt-tproxy))
663
664 define KernelPackage/ipt-tee
665 TITLE:=TEE support
666 DEPENDS:=+kmod-ipt-conntrack
667 KCONFIG:= \
668 CONFIG_NETFILTER_XT_TARGET_TEE
669 FILES:= \
670 $(LINUX_DIR)/net/netfilter/xt_TEE.ko \
671 $(foreach mod,$(IPT_TEE-m),$(LINUX_DIR)/net/$(mod).ko)
672 AUTOLOAD:=$(call AutoProbe,$(notdir nf_tee $(IPT_TEE-m)))
673 $(call AddDepends/ipt)
674 endef
675
676 define KernelPackage/ipt-tee/description
677 Kernel modules for TEE
678 endef
679
680 $(eval $(call KernelPackage,ipt-tee))
681
682
683 define KernelPackage/ipt-u32
684 TITLE:=U32 support
685 KCONFIG:= \
686 CONFIG_NETFILTER_XT_MATCH_U32
687 FILES:= \
688 $(LINUX_DIR)/net/netfilter/xt_u32.ko \
689 $(foreach mod,$(IPT_U32-m),$(LINUX_DIR)/net/$(mod).ko)
690 AUTOLOAD:=$(call AutoProbe,$(notdir nf_tee $(IPT_U32-m)))
691 $(call AddDepends/ipt)
692 endef
693
694 define KernelPackage/ipt-u32/description
695 Kernel modules for U32
696 endef
697
698 $(eval $(call KernelPackage,ipt-u32))
699
700 define KernelPackage/ipt-checksum
701 TITLE:=CHECKSUM support
702 KCONFIG:= \
703 CONFIG_NETFILTER_XT_TARGET_CHECKSUM
704 FILES:= \
705 $(LINUX_DIR)/net/netfilter/xt_CHECKSUM.ko \
706 $(foreach mod,$(IPT_CHECKSUM-m),$(LINUX_DIR)/net/$(mod).ko)
707 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CHECKSUM-m)))
708 $(call AddDepends/ipt)
709 endef
710
711 define KernelPackage/ipt-checksum/description
712 Kernel modules for CHECKSUM fillin target
713 endef
714
715 $(eval $(call KernelPackage,ipt-checksum))
716
717
718 define KernelPackage/ipt-iprange
719 TITLE:=Module for matching ip ranges
720 KCONFIG:=$(KCONFIG_IPT_IPRANGE)
721 FILES:=$(foreach mod,$(IPT_IPRANGE-m),$(LINUX_DIR)/net/$(mod).ko)
722 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_IPRANGE-m)))
723 $(call AddDepends/ipt)
724 endef
725
726 define KernelPackage/ipt-iprange/description
727 Netfilter (IPv4) module for matching ip ranges
728 Includes:
729 - iprange
730 endef
731
732 $(eval $(call KernelPackage,ipt-iprange))
733
734 define KernelPackage/ipt-cluster
735 TITLE:=Module for matching cluster
736 KCONFIG:=$(KCONFIG_IPT_CLUSTER)
737 FILES:=$(foreach mod,$(IPT_CLUSTER-m),$(LINUX_DIR)/net/$(mod).ko)
738 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CLUSTER-m)))
739 $(call AddDepends/ipt,+kmod-nf-conntrack)
740 endef
741
742 define KernelPackage/ipt-cluster/description
743 Netfilter (IPv4/IPv6) module for matching cluster
744 This option allows you to build work-load-sharing clusters of
745 network servers/stateful firewalls without having a dedicated
746 load-balancing router/server/switch. Basically, this match returns
747 true when the packet must be handled by this cluster node. Thus,
748 all nodes see all packets and this match decides which node handles
749 what packets. The work-load sharing algorithm is based on source
750 address hashing.
751
752 This module is usable for ipv4 and ipv6.
753
754 To use it also enable iptables-mod-cluster
755
756 see `iptables -m cluster --help` for more information.
757 endef
758
759 $(eval $(call KernelPackage,ipt-cluster))
760
761 define KernelPackage/ipt-clusterip
762 TITLE:=Module for CLUSTERIP
763 KCONFIG:=$(KCONFIG_IPT_CLUSTERIP)
764 FILES:=$(foreach mod,$(IPT_CLUSTERIP-m),$(LINUX_DIR)/net/$(mod).ko)
765 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CLUSTERIP-m)))
766 $(call AddDepends/ipt,+kmod-nf-conntrack)
767 endef
768
769 define KernelPackage/ipt-clusterip/description
770 Netfilter (IPv4-only) module for CLUSTERIP
771 The CLUSTERIP target allows you to build load-balancing clusters of
772 network servers without having a dedicated load-balancing
773 router/server/switch.
774
775 To use it also enable iptables-mod-clusterip
776
777 see `iptables -j CLUSTERIP --help` for more information.
778 endef
779
780 $(eval $(call KernelPackage,ipt-clusterip))
781
782
783 define KernelPackage/ipt-extra
784 TITLE:=Extra modules
785 KCONFIG:=$(KCONFIG_IPT_EXTRA)
786 FILES:=$(foreach mod,$(IPT_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
787 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_EXTRA-m)))
788 $(call AddDepends/ipt)
789 endef
790
791 define KernelPackage/ipt-extra/description
792 Other Netfilter (IPv4) kernel modules
793 Includes:
794 - addrtype
795 - owner
796 - pkttype
797 - quota
798 endef
799
800 $(eval $(call KernelPackage,ipt-extra))
801
802
803 define KernelPackage/ipt-physdev
804 TITLE:=physdev module
805 KCONFIG:=$(KCONFIG_IPT_PHYSDEV)
806 FILES:=$(foreach mod,$(IPT_PHYSDEV-m),$(LINUX_DIR)/net/$(mod).ko)
807 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_PHYSDEV-m)))
808 $(call AddDepends/ipt,+kmod-br-netfilter)
809 endef
810
811 define KernelPackage/ipt-physdev/description
812 The iptables physdev kernel module
813 endef
814
815 $(eval $(call KernelPackage,ipt-physdev))
816
817
818 define KernelPackage/ip6tables
819 SUBMENU:=$(NF_MENU)
820 TITLE:=IPv6 modules
821 DEPENDS:=+kmod-nf-reject6 +kmod-nf-ipt6 +kmod-ipt-core
822 KCONFIG:=$(KCONFIG_IPT_IPV6)
823 FILES:=$(foreach mod,$(IPT_IPV6-m),$(LINUX_DIR)/net/$(mod).ko)
824 AUTOLOAD:=$(call AutoLoad,42,$(notdir $(IPT_IPV6-m)))
825 endef
826
827 define KernelPackage/ip6tables/description
828 Netfilter IPv6 firewalling support
829 endef
830
831 $(eval $(call KernelPackage,ip6tables))
832
833 define KernelPackage/ip6tables-extra
834 SUBMENU:=$(NF_MENU)
835 TITLE:=Extra IPv6 modules
836 DEPENDS:=+kmod-ip6tables
837 KCONFIG:=$(KCONFIG_IPT_IPV6_EXTRA)
838 FILES:=$(foreach mod,$(IPT_IPV6_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
839 AUTOLOAD:=$(call AutoLoad,43,$(notdir $(IPT_IPV6_EXTRA-m)))
840 endef
841
842 define KernelPackage/ip6tables-extra/description
843 Netfilter IPv6 extra header matching modules
844 endef
845
846 $(eval $(call KernelPackage,ip6tables-extra))
847
848 ARP_MODULES = arp_tables arpt_mangle arptable_filter
849 define KernelPackage/arptables
850 SUBMENU:=$(NF_MENU)
851 TITLE:=ARP firewalling modules
852 DEPENDS:=+kmod-ipt-core
853 FILES:=$(LINUX_DIR)/net/ipv4/netfilter/arp*.ko
854 KCONFIG:=CONFIG_IP_NF_ARPTABLES \
855 CONFIG_IP_NF_ARPFILTER \
856 CONFIG_IP_NF_ARP_MANGLE
857 AUTOLOAD:=$(call AutoProbe,$(ARP_MODULES))
858 endef
859
860 define KernelPackage/arptables/description
861 Kernel modules for ARP firewalling
862 endef
863
864 $(eval $(call KernelPackage,arptables))
865
866
867 define KernelPackage/br-netfilter
868 SUBMENU:=$(NF_MENU)
869 TITLE:=Bridge netfilter support modules
870 DEPENDS:=+kmod-ipt-core
871 FILES:=$(LINUX_DIR)/net/bridge/br_netfilter.ko
872 KCONFIG:=CONFIG_BRIDGE_NETFILTER
873 AUTOLOAD:=$(call AutoProbe,br_netfilter)
874 endef
875
876 define KernelPackage/br-netfilter/install
877 $(INSTALL_DIR) $(1)/etc/sysctl.d
878 $(INSTALL_DATA) ./files/sysctl-br-netfilter.conf $(1)/etc/sysctl.d/11-br-netfilter.conf
879 endef
880
881 $(eval $(call KernelPackage,br-netfilter))
882
883
884 define KernelPackage/ebtables
885 SUBMENU:=$(NF_MENU)
886 TITLE:=Bridge firewalling modules
887 DEPENDS:=+kmod-ipt-core
888 FILES:=$(foreach mod,$(EBTABLES-m),$(LINUX_DIR)/net/$(mod).ko)
889 KCONFIG:=$(KCONFIG_EBTABLES)
890 AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES-m)))
891 endef
892
893 define KernelPackage/ebtables/description
894 ebtables is a general, extensible frame/packet identification
895 framework. It provides you to do Ethernet
896 filtering/NAT/brouting on the Ethernet bridge.
897 endef
898
899 $(eval $(call KernelPackage,ebtables))
900
901
902 define AddDepends/ebtables
903 SUBMENU:=$(NF_MENU)
904 DEPENDS+= +kmod-ebtables $(1)
905 endef
906
907
908 define KernelPackage/ebtables-ipv4
909 TITLE:=ebtables: IPv4 support
910 FILES:=$(foreach mod,$(EBTABLES_IP4-m),$(LINUX_DIR)/net/$(mod).ko)
911 KCONFIG:=$(KCONFIG_EBTABLES_IP4)
912 AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES_IP4-m)))
913 $(call AddDepends/ebtables)
914 endef
915
916 define KernelPackage/ebtables-ipv4/description
917 This option adds the IPv4 support to ebtables, which allows basic
918 IPv4 header field filtering, ARP filtering as well as SNAT, DNAT targets.
919 endef
920
921 $(eval $(call KernelPackage,ebtables-ipv4))
922
923
924 define KernelPackage/ebtables-ipv6
925 TITLE:=ebtables: IPv6 support
926 FILES:=$(foreach mod,$(EBTABLES_IP6-m),$(LINUX_DIR)/net/$(mod).ko)
927 KCONFIG:=$(KCONFIG_EBTABLES_IP6)
928 AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES_IP6-m)))
929 $(call AddDepends/ebtables)
930 endef
931
932 define KernelPackage/ebtables-ipv6/description
933 This option adds the IPv6 support to ebtables, which allows basic
934 IPv6 header field filtering and target support.
935 endef
936
937 $(eval $(call KernelPackage,ebtables-ipv6))
938
939
940 define KernelPackage/ebtables-watchers
941 TITLE:=ebtables: watchers support
942 FILES:=$(foreach mod,$(EBTABLES_WATCHERS-m),$(LINUX_DIR)/net/$(mod).ko)
943 KCONFIG:=$(KCONFIG_EBTABLES_WATCHERS)
944 AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES_WATCHERS-m)))
945 $(call AddDepends/ebtables)
946 endef
947
948 define KernelPackage/ebtables-watchers/description
949 This option adds the log watchers, that you can use in any rule
950 in any ebtables table.
951 endef
952
953 $(eval $(call KernelPackage,ebtables-watchers))
954
955
956 define KernelPackage/nfnetlink
957 SUBMENU:=$(NF_MENU)
958 TITLE:=Netlink-based userspace interface
959 FILES:=$(foreach mod,$(NFNETLINK-m),$(LINUX_DIR)/net/$(mod).ko)
960 KCONFIG:=$(KCONFIG_NFNETLINK)
961 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK-m)))
962 endef
963
964 define KernelPackage/nfnetlink/description
965 Kernel modules support for a netlink-based userspace interface
966 endef
967
968 $(eval $(call KernelPackage,nfnetlink))
969
970
971 define AddDepends/nfnetlink
972 SUBMENU:=$(NF_MENU)
973 DEPENDS+=+kmod-nfnetlink $(1)
974 endef
975
976
977 define KernelPackage/nfnetlink-log
978 TITLE:=Netfilter LOG over NFNETLINK interface
979 FILES:=$(foreach mod,$(NFNETLINK_LOG-m),$(LINUX_DIR)/net/$(mod).ko)
980 KCONFIG:=$(KCONFIG_NFNETLINK_LOG)
981 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK_LOG-m)))
982 $(call AddDepends/nfnetlink)
983 endef
984
985 define KernelPackage/nfnetlink-log/description
986 Kernel modules support for logging packets via NFNETLINK
987 Includes:
988 - NFLOG
989 endef
990
991 $(eval $(call KernelPackage,nfnetlink-log))
992
993
994 define KernelPackage/nfnetlink-queue
995 TITLE:=Netfilter QUEUE over NFNETLINK interface
996 FILES:=$(foreach mod,$(NFNETLINK_QUEUE-m),$(LINUX_DIR)/net/$(mod).ko)
997 KCONFIG:=$(KCONFIG_NFNETLINK_QUEUE)
998 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK_QUEUE-m)))
999 $(call AddDepends/nfnetlink)
1000 endef
1001
1002 define KernelPackage/nfnetlink-queue/description
1003 Kernel modules support for queueing packets via NFNETLINK
1004 Includes:
1005 - NFQUEUE
1006 endef
1007
1008 $(eval $(call KernelPackage,nfnetlink-queue))
1009
1010
1011 define KernelPackage/nf-conntrack-netlink
1012 TITLE:=Connection tracking netlink interface
1013 FILES:=$(LINUX_DIR)/net/netfilter/nf_conntrack_netlink.ko
1014 KCONFIG:=CONFIG_NF_CT_NETLINK CONFIG_NF_CONNTRACK_EVENTS=y
1015 AUTOLOAD:=$(call AutoProbe,nf_conntrack_netlink)
1016 $(call AddDepends/nfnetlink,+kmod-ipt-conntrack)
1017 endef
1018
1019 define KernelPackage/nf-conntrack-netlink/description
1020 Kernel modules support for a netlink-based connection tracking
1021 userspace interface
1022 endef
1023
1024 $(eval $(call KernelPackage,nf-conntrack-netlink))
1025
1026 define KernelPackage/ipt-hashlimit
1027 SUBMENU:=$(NF_MENU)
1028 TITLE:=Netfilter hashlimit match
1029 DEPENDS:=+kmod-ipt-core
1030 KCONFIG:=$(KCONFIG_IPT_HASHLIMIT)
1031 FILES:=$(LINUX_DIR)/net/netfilter/xt_hashlimit.ko
1032 AUTOLOAD:=$(call AutoProbe,xt_hashlimit)
1033 $(call KernelPackage/ipt)
1034 endef
1035
1036 define KernelPackage/ipt-hashlimit/description
1037 Kernel modules support for the hashlimit bucket match module
1038 endef
1039
1040 $(eval $(call KernelPackage,ipt-hashlimit))
1041
1042 define KernelPackage/ipt-rpfilter
1043 SUBMENU:=$(NF_MENU)
1044 TITLE:=Netfilter rpfilter match
1045 DEPENDS:=+kmod-ipt-core
1046 KCONFIG:=$(KCONFIG_IPT_RPFILTER)
1047 FILES:=$(realpath \
1048 $(LINUX_DIR)/net/ipv4/netfilter/ipt_rpfilter.ko \
1049 $(LINUX_DIR)/net/ipv6/netfilter/ip6t_rpfilter.ko)
1050 AUTOLOAD:=$(call AutoProbe,ipt_rpfilter ip6t_rpfilter)
1051 $(call KernelPackage/ipt)
1052 endef
1053
1054 define KernelPackage/ipt-rpfilter/description
1055 Kernel modules support for the Netfilter rpfilter match
1056 endef
1057
1058 $(eval $(call KernelPackage,ipt-rpfilter))
1059
1060
1061 define KernelPackage/nft-core
1062 SUBMENU:=$(NF_MENU)
1063 TITLE:=Netfilter nf_tables support
1064 DEPENDS:=+kmod-nfnetlink +kmod-nf-reject +kmod-nf-reject6 +kmod-nf-conntrack6
1065 FILES:=$(foreach mod,$(NFT_CORE-m),$(LINUX_DIR)/net/$(mod).ko)
1066 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_CORE-m)))
1067 KCONFIG:= \
1068 CONFIG_NFT_COMPAT=n \
1069 CONFIG_NFT_QUEUE=n \
1070 $(KCONFIG_NFT_CORE)
1071 endef
1072
1073 define KernelPackage/nft-core/description
1074 Kernel module support for nftables
1075 endef
1076
1077 $(eval $(call KernelPackage,nft-core))
1078
1079
1080 define KernelPackage/nft-arp
1081 SUBMENU:=$(NF_MENU)
1082 TITLE:=Netfilter nf_tables ARP table support
1083 DEPENDS:=+kmod-nft-core
1084 FILES:=$(foreach mod,$(NFT_ARP-m),$(LINUX_DIR)/net/$(mod).ko)
1085 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_ARP-m)))
1086 KCONFIG:=$(KCONFIG_NFT_ARP)
1087 endef
1088
1089 $(eval $(call KernelPackage,nft-arp))
1090
1091
1092 define KernelPackage/nft-bridge
1093 SUBMENU:=$(NF_MENU)
1094 TITLE:=Netfilter nf_tables bridge table support
1095 DEPENDS:=+kmod-nft-core
1096 FILES:=$(foreach mod,$(NFT_BRIDGE-m),$(LINUX_DIR)/net/$(mod).ko)
1097 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_BRIDGE-m)))
1098 KCONFIG:= \
1099 CONFIG_NF_LOG_BRIDGE=n \
1100 $(KCONFIG_NFT_BRIDGE)
1101 endef
1102
1103 $(eval $(call KernelPackage,nft-bridge))
1104
1105
1106 define KernelPackage/nft-nat
1107 SUBMENU:=$(NF_MENU)
1108 TITLE:=Netfilter nf_tables NAT support
1109 DEPENDS:=+kmod-nft-core +kmod-nf-nat
1110 FILES:=$(foreach mod,$(NFT_NAT-m),$(LINUX_DIR)/net/$(mod).ko)
1111 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_NAT-m)))
1112 KCONFIG:=$(KCONFIG_NFT_NAT)
1113 endef
1114
1115 $(eval $(call KernelPackage,nft-nat))
1116
1117
1118 define KernelPackage/nft-offload
1119 SUBMENU:=$(NF_MENU)
1120 TITLE:=Netfilter nf_tables routing/NAT offload support
1121 DEPENDS:=+kmod-nf-flow +kmod-nft-nat
1122 KCONFIG:= \
1123 CONFIG_NF_FLOW_TABLE_INET \
1124 CONFIG_NF_FLOW_TABLE_IPV4 \
1125 CONFIG_NF_FLOW_TABLE_IPV6 \
1126 CONFIG_NFT_FLOW_OFFLOAD
1127 FILES:= \
1128 $(LINUX_DIR)/net/netfilter/nf_flow_table_inet.ko \
1129 $(LINUX_DIR)/net/ipv4/netfilter/nf_flow_table_ipv4.ko \
1130 $(LINUX_DIR)/net/ipv6/netfilter/nf_flow_table_ipv6.ko \
1131 $(LINUX_DIR)/net/netfilter/nft_flow_offload.ko
1132 AUTOLOAD:=$(call AutoProbe,nf_flow_table_inet nf_flow_table_ipv4 nf_flow_table_ipv6 nft_flow_offload)
1133 endef
1134
1135 $(eval $(call KernelPackage,nft-offload))
1136
1137
1138 define KernelPackage/nft-nat6
1139 SUBMENU:=$(NF_MENU)
1140 TITLE:=Netfilter nf_tables IPv6-NAT support
1141 DEPENDS:=+kmod-nft-nat +kmod-nf-nat6
1142 FILES:=$(foreach mod,$(NFT_NAT6-m),$(LINUX_DIR)/net/$(mod).ko)
1143 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_NAT6-m)))
1144 KCONFIG:=$(KCONFIG_NFT_NAT6)
1145 endef
1146
1147 $(eval $(call KernelPackage,nft-nat6))
1148
1149 define KernelPackage/nft-netdev
1150 SUBMENU:=$(NF_MENU)
1151 TITLE:=Netfilter nf_tables netdev support
1152 DEPENDS:=+kmod-nft-core
1153 KCONFIG:= \
1154 CONFIG_NETFILTER_INGRESS=y \
1155 CONFIG_NF_TABLES_NETDEV \
1156 CONFIG_NF_DUP_NETDEV \
1157 CONFIG_NFT_DUP_NETDEV \
1158 CONFIG_NFT_FWD_NETDEV
1159 FILES:= \
1160 $(LINUX_DIR)/net/netfilter/nf_tables_netdev.ko@lt4.17 \
1161 $(LINUX_DIR)/net/netfilter/nf_dup_netdev.ko \
1162 $(LINUX_DIR)/net/netfilter/nft_dup_netdev.ko \
1163 $(LINUX_DIR)/net/netfilter/nft_fwd_netdev.ko
1164 AUTOLOAD:=$(call AutoProbe,nf_tables_netdev nf_dup_netdev nft_dup_netdev nft_fwd_netdev)
1165 endef
1166
1167 $(eval $(call KernelPackage,nft-netdev))
1168
1169
1170 define KernelPackage/nft-fib
1171 SUBMENU:=$(NF_MENU)
1172 TITLE:=Netfilter nf_tables fib support
1173 DEPENDS:=+kmod-nft-core
1174 FILES:=$(foreach mod,$(NFT_FIB-m),$(LINUX_DIR)/net/$(mod).ko)
1175 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_FIB-m)))
1176 KCONFIG:=$(KCONFIG_NFT_FIB)
1177 endef
1178
1179 $(eval $(call KernelPackage,nft-fib))
Staging tree of dedeckeh