netfilter: add bpf match support

Add xt_bpf modules to {kmod-ipt,iptables-mod}-filter.

Match using Linux Socket Filter. Expects a BPF program in decimal
format. This is the format generated by the nfbpf_compile utility.

Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
(backported from ab07ae2f27dd920cb7ba186d9f7ad2ccb1c980c4)

diff --git a/include/netfilter.mk b/include/netfilter.mk
index 5d532cea5b23e1f01cbb31b0cfcd5ef7832ab231..510aa183ca1ed9ab38015ced17005d70a6f4f6fa 100644 (file)
--- a/include/netfilter.mk
+++ b/include/netfilter.mk
@@ -106,6 +106,7 @@ $(eval $(call nf_add,IPT_PHYSDEV,CONFIG_NETFILTER_XT_MATCH_PHYSDEV, $(P_XT)xt_ph
 # filter
 
 $(eval $(call nf_add,IPT_FILTER,CONFIG_NETFILTER_XT_MATCH_STRING, $(P_XT)xt_string))
+$(eval $(call nf_add,IPT_FILTER,CONFIG_NETFILTER_XT_MATCH_BPF, $(P_XT)xt_bpf))
 
 
 # ipopt

diff --git a/package/kernel/linux/modules/netfilter.mk b/package/kernel/linux/modules/netfilter.mk
index 55226bf62953024e906c75e6d88d105249772b6a..3d01ccecf85b033038ef8d1cd512db09a8ff7f0f 100644 (file)
--- a/package/kernel/linux/modules/netfilter.mk
+++ b/package/kernel/linux/modules/netfilter.mk
@@ -237,6 +237,7 @@ define KernelPackage/ipt-filter/description
  Netfilter (IPv4) kernel modules for packet content inspection
  Includes:
  - string
+ - bpf
 endef
 
 $(eval $(call KernelPackage,ipt-filter))

diff --git a/package/network/utils/iptables/Makefile b/package/network/utils/iptables/Makefile
index 1d758ed07d720f6d6bd974d96ba54b9609b5173b..9c7179c51dc950b82df83b45f8fab184b93a48d1 100644 (file)
--- a/package/network/utils/iptables/Makefile
+++ b/package/network/utils/iptables/Makefile
@@ -150,6 +150,7 @@ Includes support for:
 
  Matches:
   - string
+  - bpf
 
 endef