package/kernel/linux/modules/netfilter.mk

   1
   2 #
   3 # Copyright (C) 2006-2010 OpenWrt.org
   4 #
   5 # This is free software, licensed under the GNU General Public License v2.
   6 # See /LICENSE for more information.
   7 #
   8
   9 NF_MENU:=Netfilter Extensions
  10 NF_KMOD:=1
  11 include $(INCLUDE_DIR)/netfilter.mk
  12
  13
  14 define KernelPackage/nf-ipt
  15   SUBMENU:=$(NF_MENU)
  16   TITLE:=Iptables core
  17   KCONFIG:= \
  18         CONFIG_NETFILTER=y \
  19         CONFIG_NETFILTER_ADVANCED=y \
  20         $(KCONFIG_NF_IPT)
  21   FILES:=$(foreach mod,$(NF_IPT-m),$(LINUX_DIR)/net/$(mod).ko)
  22   AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_IPT-m)))
  23 endef
  24
  25 $(eval $(call KernelPackage,nf-ipt))
  26
  27
  28 define KernelPackage/nf-ipt6
  29   SUBMENU:=$(NF_MENU)
  30   TITLE:=Ip6tables core
  31   KCONFIG:=$(KCONFIG_NF_IPT6)
  32   FILES:=$(foreach mod,$(NF_IPT6-m),$(LINUX_DIR)/net/$(mod).ko)
  33   AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_IPT6-m)))
  34   DEPENDS:=+kmod-nf-ipt +kmod-nf-conntrack6
  35 endef
  36
  37 $(eval $(call KernelPackage,nf-ipt6))
  38
  39
  40
  41 define KernelPackage/ipt-core
  42   SUBMENU:=$(NF_MENU)
  43   TITLE:=Iptables core
  44   KCONFIG:=$(KCONFIG_IPT_CORE)
  45   FILES:=$(foreach mod,$(IPT_CORE-m),$(LINUX_DIR)/net/$(mod).ko)
  46   AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CORE-m)))
  47   DEPENDS:=+kmod-nf-ipt
  48 endef
  49
  50 define KernelPackage/ipt-core/description
  51  Netfilter core kernel modules
  52  Includes:
  53  - comment
  54  - limit
  55  - LOG
  56  - mac
  57  - multiport
  58  - REJECT
  59  - TCPMSS
  60 endef
  61
  62 $(eval $(call KernelPackage,ipt-core))
  63
  64
  65 define KernelPackage/nf-conntrack
  66   SUBMENU:=$(NF_MENU)
  67   TITLE:=Netfilter connection tracking
  68   KCONFIG:= \
  69         CONFIG_NETFILTER=y \
  70         CONFIG_NETFILTER_ADVANCED=y \
  71         $(KCONFIG_NF_CONNTRACK)
  72   FILES:=$(foreach mod,$(NF_CONNTRACK-m),$(LINUX_DIR)/net/$(mod).ko)
  73   AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_CONNTRACK-m)))
  74 endef
  75
  76 $(eval $(call KernelPackage,nf-conntrack))
  77
  78
  79 define KernelPackage/nf-conntrack6
  80   SUBMENU:=$(NF_MENU)
  81   TITLE:=Netfilter IPv6 connection tracking
  82   KCONFIG:=$(KCONFIG_NF_CONNTRACK6)
  83   DEPENDS:=+kmod-ipv6 +kmod-nf-conntrack
  84   FILES:=$(foreach mod,$(NF_CONNTRACK6-m),$(LINUX_DIR)/net/$(mod).ko)
  85   AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_CONNTRACK6-m)))
  86 endef
  87
  88 $(eval $(call KernelPackage,nf-conntrack6))
  89
  90
  91 define KernelPackage/nf-nat
  92   SUBMENU:=$(NF_MENU)
  93   TITLE:=Netfilter NAT
  94   KCONFIG:=$(KCONFIG_NF_NAT)
  95   DEPENDS:=+kmod-nf-conntrack +kmod-nf-ipt
  96   FILES:=$(foreach mod,$(NF_NAT-m),$(LINUX_DIR)/net/$(mod).ko)
  97   AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NAT-m)))
  98 endef
  99
 100 $(eval $(call KernelPackage,nf-nat))
 101
 102
 103 define KernelPackage/nf-nat6
 104   SUBMENU:=$(NF_MENU)
 105   TITLE:=Netfilter IPV6-NAT
 106   KCONFIG:=$(KCONFIG_NF_NAT6)
 107   DEPENDS:=+kmod-nf-conntrack6 +kmod-nf-ipt6 +kmod-nf-nat
 108   FILES:=$(foreach mod,$(NF_NAT6-m),$(LINUX_DIR)/net/$(mod).ko)
 109   AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NAT6-m)))
 110 endef
 111
 112 $(eval $(call KernelPackage,nf-nat6))
 113
 114
 115 define AddDepends/ipt
 116   SUBMENU:=$(NF_MENU)
 117   DEPENDS+= +kmod-ipt-core $(1)
 118 endef
 119
 120
 121 define KernelPackage/ipt-conntrack
 122   TITLE:=Basic connection tracking modules
 123   KCONFIG:=$(KCONFIG_IPT_CONNTRACK)
 124   FILES:=$(foreach mod,$(IPT_CONNTRACK-m),$(LINUX_DIR)/net/$(mod).ko)
 125   AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CONNTRACK-m)))
 126   $(call AddDepends/ipt,+kmod-nf-conntrack)
 127 endef
 128
 129 define KernelPackage/ipt-conntrack/description
 130  Netfilter (IPv4) kernel modules for connection tracking
 131  Includes:
 132  - conntrack
 133  - defrag
 134  - iptables_raw
 135  - NOTRACK
 136  - state
 137 endef
 138
 139 $(eval $(call KernelPackage,ipt-conntrack))
 140
 141
 142 define KernelPackage/ipt-conntrack-extra
 143   TITLE:=Extra connection tracking modules
 144   KCONFIG:=$(KCONFIG_IPT_CONNTRACK_EXTRA)
 145   FILES:=$(foreach mod,$(IPT_CONNTRACK_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
 146   AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CONNTRACK_EXTRA-m)))
 147   $(call AddDepends/ipt,+kmod-ipt-conntrack)
 148 endef
 149
 150 define KernelPackage/ipt-conntrack-extra/description
 151  Netfilter (IPv4) extra kernel modules for connection tracking
 152  Includes:
 153  - connbytes
 154  - connmark/CONNMARK
 155  - conntrack
 156  - helper
 157  - recent
 158 endef
 159
 160 $(eval $(call KernelPackage,ipt-conntrack-extra))
 161
 162
 163 define KernelPackage/ipt-filter
 164   TITLE:=Modules for packet content inspection
 165   KCONFIG:=$(KCONFIG_IPT_FILTER)
 166   FILES:=$(foreach mod,$(IPT_FILTER-m),$(LINUX_DIR)/net/$(mod).ko)
 167   AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_FILTER-m)))
 168   $(call AddDepends/ipt,+kmod-lib-textsearch +kmod-ipt-conntrack)
 169 endef
 170
 171 define KernelPackage/ipt-filter/description
 172  Netfilter (IPv4) kernel modules for packet content inspection
 173  Includes:
 174  - layer7
 175  - string
 176 endef
 177
 178 $(eval $(call KernelPackage,ipt-filter))
 179
 180
 181 define KernelPackage/ipt-ipopt
 182   TITLE:=Modules for matching/changing IP packet options
 183   KCONFIG:=$(KCONFIG_IPT_IPOPT)
 184   FILES:=$(foreach mod,$(IPT_IPOPT-m),$(LINUX_DIR)/net/$(mod).ko)
 185   AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_IPOPT-m)))
 186   $(call AddDepends/ipt)
 187 endef
 188
 189 define KernelPackage/ipt-ipopt/description
 190  Netfilter (IPv4) modules for matching/changing IP packet options
 191  Includes:
 192  - CLASSIFY
 193  - dscp/DSCP
 194  - ecn/ECN
 195  - hl/HL
 196  - length
 197  - mark/MARK
 198  - statistic
 199  - tcpmss
 200  - time
 201  - ttl/TTL
 202  - unclean
 203 endef
 204
 205 $(eval $(call KernelPackage,ipt-ipopt))
 206
 207
 208 define KernelPackage/ipt-ipsec
 209   TITLE:=Modules for matching IPSec packets
 210   KCONFIG:=$(KCONFIG_IPT_IPSEC)
 211   FILES:=$(foreach mod,$(IPT_IPSEC-m),$(LINUX_DIR)/net/$(mod).ko)
 212   AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_IPSEC-m)))
 213   $(call AddDepends/ipt)
 214 endef
 215
 216 define KernelPackage/ipt-ipsec/description
 217  Netfilter (IPv4) modules for matching IPSec packets
 218  Includes:
 219  - ah
 220  - esp
 221  - policy
 222 endef
 223
 224 $(eval $(call KernelPackage,ipt-ipsec))
 225
 226
 227 define KernelPackage/ipt-nat
 228   TITLE:=Basic NAT targets
 229   KCONFIG:=$(KCONFIG_IPT_NAT)
 230   FILES:=$(foreach mod,$(IPT_NAT-m),$(LINUX_DIR)/net/$(mod).ko)
 231   AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NAT-m)))
 232   $(call AddDepends/ipt,+kmod-nf-nat)
 233 endef
 234
 235 define KernelPackage/ipt-nat/description
 236  Netfilter (IPv4) kernel modules for basic NAT targets
 237  Includes:
 238  - MASQUERADE
 239 endef
 240
 241 $(eval $(call KernelPackage,ipt-nat))
 242
 243
 244 define KernelPackage/ipt-nat6
 245   TITLE:=IPv6 NAT targets
 246   KCONFIG:=$(KCONFIG_IPT_NAT6)
 247   FILES:=$(foreach mod,$(IPT_NAT6-m),$(LINUX_DIR)/net/$(mod).ko)
 248   AUTOLOAD:=$(call AutoLoad,43,$(notdir $(IPT_NAT6-m)))
 249   $(call AddDepends/ipt,+kmod-nf-nat6)
 250   $(call AddDepends/ipt,+kmod-ipt-conntrack)
 251   $(call AddDepends/ipt,+kmod-ipt-nat)
 252   $(call AddDepends/ipt,+kmod-ip6tables)
 253 endef
 254
 255 define KernelPackage/ipt-nat6/description
 256  Netfilter (IPv6) kernel modules for NAT targets
 257 endef
 258
 259 $(eval $(call KernelPackage,ipt-nat6))
 260
 261
 262 define KernelPackage/ipt-nat-extra
 263   TITLE:=Extra NAT targets
 264   KCONFIG:=$(KCONFIG_IPT_NAT_EXTRA)
 265   FILES:=$(foreach mod,$(IPT_NAT_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
 266   AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NAT_EXTRA-m)))
 267   $(call AddDepends/ipt,+kmod-ipt-nat)
 268 endef
 269
 270 define KernelPackage/ipt-nat-extra/description
 271  Netfilter (IPv4) kernel modules for extra NAT targets
 272  Includes:
 273  - NETMAP
 274  - REDIRECT
 275 endef
 276
 277 $(eval $(call KernelPackage,ipt-nat-extra))
 278
 279
 280 define KernelPackage/nf-nathelper
 281   SUBMENU:=$(NF_MENU)
 282   TITLE:=Basic Conntrack and NAT helpers
 283   KCONFIG:=$(KCONFIG_NF_NATHELPER)
 284   FILES:=$(foreach mod,$(NF_NATHELPER-m),$(LINUX_DIR)/net/$(mod).ko)
 285   AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NATHELPER-m)))
 286   DEPENDS:=+kmod-nf-nat
 287 endef
 288
 289 define KernelPackage/nf-nathelper/description
 290  Default Netfilter (IPv4) Conntrack and NAT helpers
 291  Includes:
 292  - ftp
 293  - irc
 294  - tftp
 295 endef
 296
 297 $(eval $(call KernelPackage,nf-nathelper))
 298
 299
 300 define KernelPackage/nf-nathelper-extra
 301   SUBMENU:=$(NF_MENU)
 302   TITLE:=Extra Conntrack and NAT helpers
 303   KCONFIG:=$(KCONFIG_NF_NATHELPER_EXTRA)
 304   FILES:=$(foreach mod,$(NF_NATHELPER_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
 305   AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NATHELPER_EXTRA-m)))
 306   DEPENDS:=+kmod-nf-nat +kmod-lib-textsearch
 307 endef
 308
 309 define KernelPackage/nf-nathelper-extra/description
 310  Extra Netfilter (IPv4) Conntrack and NAT helpers
 311  Includes:
 312  - amanda
 313  - h323
 314  - mms
 315  - pptp
 316  - proto_gre
 317  - sip
 318  - snmp_basic
 319  - broadcast
 320 endef
 321
 322 $(eval $(call KernelPackage,nf-nathelper-extra))
 323
 324
 325 define KernelPackage/ipt-queue
 326   TITLE:=Module for user-space packet queueing
 327   KCONFIG:=$(KCONFIG_IPT_QUEUE)
 328   DEPENDS:=@!LINUX_3_6
 329   FILES:=$(foreach mod,$(IPT_QUEUE-m),$(LINUX_DIR)/net/$(mod).ko)
 330   AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_QUEUE-m)))
 331   $(call AddDepends/ipt)
 332 endef
 333
 334 define KernelPackage/ipt-queue/description
 335  Netfilter (IPv4) module for user-space packet queueing
 336  Includes:
 337  - QUEUE
 338 endef
 339
 340 $(eval $(call KernelPackage,ipt-queue))
 341
 342
 343 define KernelPackage/ipt-ulog
 344   TITLE:=Module for user-space packet logging
 345   KCONFIG:=$(KCONFIG_IPT_ULOG)
 346   FILES:=$(foreach mod,$(IPT_ULOG-m),$(LINUX_DIR)/net/$(mod).ko)
 347   AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_ULOG-m)))
 348   $(call AddDepends/ipt)
 349 endef
 350
 351 define KernelPackage/ipt-ulog/description
 352  Netfilter (IPv4) module for user-space packet logging
 353  Includes:
 354  - ULOG
 355 endef
 356
 357 $(eval $(call KernelPackage,ipt-ulog))
 358
 359
 360 define KernelPackage/ipt-nflog
 361   TITLE:=Module for user-space packet logging
 362   KCONFIG:=$(KCONFIG_IPT_NFLOG)
 363   FILES:=$(foreach mod,$(IPT_NFLOG-m),$(LINUX_DIR)/net/$(mod).ko)
 364   AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NFLOG-m)))
 365   $(call AddDepends/ipt,+kmod-nfnetlink-log)
 366 endef
 367
 368 define KernelPackage/ipt-nflog/description
 369  Netfilter module for user-space packet logging
 370  Includes:
 371  - NFLOG
 372 endef
 373
 374 $(eval $(call KernelPackage,ipt-nflog))
 375
 376
 377 define KernelPackage/ipt-nfqueue
 378   TITLE:=Module for user-space packet queuing
 379   KCONFIG:=$(KCONFIG_IPT_NFQUEUE)
 380   FILES:=$(foreach mod,$(IPT_NFQUEUE-m),$(LINUX_DIR)/net/$(mod).ko)
 381   AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NFQUEUE-m)))
 382   $(call AddDepends/ipt,+kmod-nfnetlink-queue)
 383 endef
 384
 385 define KernelPackage/ipt-nfqueue/description
 386  Netfilter module for user-space packet queuing
 387  Includes:
 388  - NFQUEUE
 389 endef
 390
 391 $(eval $(call KernelPackage,ipt-nfqueue))
 392
 393
 394 define KernelPackage/ipt-debug
 395   TITLE:=Module for debugging/development
 396   KCONFIG:=$(KCONFIG_IPT_DEBUG)
 397   DEFAULT:=n
 398   FILES:=$(foreach mod,$(IPT_DEBUG-m),$(LINUX_DIR)/net/$(mod).ko)
 399   AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_DEBUG-m)))
 400   $(call AddDepends/ipt)
 401 endef
 402
 403 define KernelPackage/ipt-debug/description
 404  Netfilter modules for debugging/development of the firewall
 405  Includes:
 406  - TRACE
 407 endef
 408
 409 $(eval $(call KernelPackage,ipt-debug))
 410
 411
 412 define KernelPackage/ipt-led
 413   TITLE:=Module to trigger a LED with a Netfilter rule
 414   KCONFIG:=$(KCONFIG_IPT_LED)
 415   FILES:=$(foreach mod,$(IPT_LED-m),$(LINUX_DIR)/net/$(mod).ko)
 416   AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_LED-m)))
 417   $(call AddDepends/ipt)
 418 endef
 419
 420 define KernelPackage/ipt-led/description
 421  Netfilter target to trigger a LED when a network packet is matched.
 422 endef
 423
 424 $(eval $(call KernelPackage,ipt-led))
 425
 426 define KernelPackage/ipt-tproxy
 427   TITLE:=Transparent proxying support
 428   DEPENDS+=+kmod-ipt-conntrack +IPV6:kmod-ipv6 +IPV6:kmod-ip6tables
 429   KCONFIG:= \
 430         CONFIG_NETFILTER_TPROXY \
 431         CONFIG_NETFILTER_XT_MATCH_SOCKET \
 432         CONFIG_NETFILTER_XT_TARGET_TPROXY
 433   FILES:= \
 434         $(if $(call kernel_patchver_lt,3.12),$(LINUX_DIR)/net/netfilter/nf_tproxy_core.ko) \
 435         $(foreach mod,$(IPT_TPROXY-m),$(LINUX_DIR)/net/$(mod).ko)
 436   AUTOLOAD:=$(call AutoProbe,$(notdir nf_tproxy_core $(IPT_TPROXY-m)))
 437   $(call AddDepends/ipt)
 438 endef
 439
 440 define KernelPackage/ipt-tproxy/description
 441   Kernel modules for Transparent Proxying
 442 endef
 443
 444 $(eval $(call KernelPackage,ipt-tproxy))
 445
 446 define KernelPackage/ipt-tee
 447   TITLE:=TEE support
 448   DEPENDS:=+kmod-ipt-conntrack +IPV6:kmod-ipv6
 449   KCONFIG:= \
 450         CONFIG_NETFILTER_XT_TARGET_TEE
 451   FILES:= \
 452         $(LINUX_DIR)/net/netfilter/xt_TEE.ko \
 453         $(foreach mod,$(IPT_TEE-m),$(LINUX_DIR)/net/$(mod).ko)
 454   AUTOLOAD:=$(call AutoProbe,$(notdir nf_tee $(IPT_TEE-m)))
 455   $(call AddDepends/ipt)
 456 endef
 457
 458 define KernelPackage/ipt-tee/description
 459   Kernel modules for TEE
 460 endef
 461
 462 $(eval $(call KernelPackage,ipt-tee))
 463
 464
 465 define KernelPackage/ipt-u32
 466   TITLE:=U32 support
 467   KCONFIG:= \
 468         CONFIG_NETFILTER_XT_MATCH_U32
 469   FILES:= \
 470         $(LINUX_DIR)/net/netfilter/xt_u32.ko \
 471         $(foreach mod,$(IPT_U32-m),$(LINUX_DIR)/net/$(mod).ko)
 472   AUTOLOAD:=$(call AutoProbe,$(notdir nf_tee $(IPT_U32-m)))
 473   $(call AddDepends/ipt)
 474 endef
 475
 476 define KernelPackage/ipt-u32/description
 477   Kernel modules for U32
 478 endef
 479
 480 $(eval $(call KernelPackage,ipt-u32))
 481
 482
 483 define KernelPackage/ipt-iprange
 484   TITLE:=Module for matching ip ranges
 485   KCONFIG:=$(KCONFIG_IPT_IPRANGE)
 486   FILES:=$(foreach mod,$(IPT_IPRANGE-m),$(LINUX_DIR)/net/$(mod).ko)
 487   AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_IPRANGE-m)))
 488   $(call AddDepends/ipt)
 489 endef
 490
 491 define KernelPackage/ipt-iprange/description
 492  Netfilter (IPv4) module for matching ip ranges
 493  Includes:
 494  - iprange
 495 endef
 496
 497 $(eval $(call KernelPackage,ipt-iprange))
 498
 499
 500 define KernelPackage/ipt-extra
 501   TITLE:=Extra modules
 502   KCONFIG:=$(KCONFIG_IPT_EXTRA)
 503   FILES:=$(foreach mod,$(IPT_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
 504   AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_EXTRA-m)))
 505   $(call AddDepends/ipt)
 506 endef
 507
 508 define KernelPackage/ipt-extra/description
 509  Other Netfilter (IPv4) kernel modules
 510  Includes:
 511  - addrtype
 512  - owner
 513  - physdev (if bridge support was enabled in kernel)
 514  - pkttype
 515  - quota
 516 endef
 517
 518 $(eval $(call KernelPackage,ipt-extra))
 519
 520
 521 define KernelPackage/ip6tables
 522   SUBMENU:=$(NF_MENU)
 523   TITLE:=IPv6 modules
 524   DEPENDS:=+kmod-nf-ipt6 +kmod-ipt-core +kmod-ipt-conntrack
 525   KCONFIG:=$(KCONFIG_IPT_IPV6)
 526   FILES:=$(foreach mod,$(IPT_IPV6-m),$(LINUX_DIR)/net/$(mod).ko)
 527   AUTOLOAD:=$(call AutoLoad,42,$(notdir $(IPT_IPV6-m)))
 528 endef
 529
 530 define KernelPackage/ip6tables/description
 531  Netfilter IPv6 firewalling support
 532 endef
 533
 534 $(eval $(call KernelPackage,ip6tables))
 535
 536 define KernelPackage/ip6tables-extra
 537   SUBMENU:=$(NF_MENU)
 538   TITLE:=Extra IPv6 modules
 539   DEPENDS:=+kmod-ip6tables
 540   KCONFIG:=$(KCONFIG_IPT_IPV6_EXTRA)
 541   FILES:=$(foreach mod,$(IPT_IPV6_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
 542   AUTOLOAD:=$(call AutoLoad,43,$(notdir $(IPT_IPV6_EXTRA-m)))
 543 endef
 544
 545 define KernelPackage/ip6tables-extra/description
 546  Netfilter IPv6 extra header matching modules
 547 endef
 548
 549 $(eval $(call KernelPackage,ip6tables-extra))
 550
 551 ARP_MODULES = arp_tables arpt_mangle arptable_filter
 552 define KernelPackage/arptables
 553   SUBMENU:=$(NF_MENU)
 554   TITLE:=ARP firewalling modules
 555   DEPENDS:=+kmod-ipt-core
 556   FILES:=$(LINUX_DIR)/net/ipv4/netfilter/arp*.ko
 557   KCONFIG:=CONFIG_IP_NF_ARPTABLES \
 558     CONFIG_IP_NF_ARPFILTER \
 559     CONFIG_IP_NF_ARP_MANGLE
 560   AUTOLOAD:=$(call AutoProbe,$(ARP_MODULES))
 561 endef
 562
 563 define KernelPackage/arptables/description
 564  Kernel modules for ARP firewalling
 565 endef
 566
 567 $(eval $(call KernelPackage,arptables))
 568
 569
 570 define KernelPackage/ebtables
 571   SUBMENU:=$(NF_MENU)
 572   TITLE:=Bridge firewalling modules
 573   DEPENDS:=+kmod-ipt-core +kmod-bridge
 574   FILES:=$(foreach mod,$(EBTABLES-m),$(LINUX_DIR)/net/$(mod).ko)
 575   KCONFIG:=CONFIG_BRIDGE_NETFILTER=y \
 576         $(KCONFIG_EBTABLES)
 577   AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES-m)))
 578 endef
 579
 580 define KernelPackage/ebtables/description
 581   ebtables is a general, extensible frame/packet identification
 582   framework. It provides you to do Ethernet
 583   filtering/NAT/brouting on the Ethernet bridge.
 584 endef
 585
 586 $(eval $(call KernelPackage,ebtables))
 587
 588
 589 define AddDepends/ebtables
 590   SUBMENU:=$(NF_MENU)
 591   DEPENDS+=kmod-ebtables $(1)
 592 endef
 593
 594
 595 define KernelPackage/ebtables-ipv4
 596   TITLE:=ebtables: IPv4 support
 597   FILES:=$(foreach mod,$(EBTABLES_IP4-m),$(LINUX_DIR)/net/$(mod).ko)
 598   KCONFIG:=$(KCONFIG_EBTABLES_IP4)
 599   AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES_IP4-m)))
 600   $(call AddDepends/ebtables)
 601 endef
 602
 603 define KernelPackage/ebtables-ipv4/description
 604  This option adds the IPv4 support to ebtables, which allows basic
 605  IPv4 header field filtering, ARP filtering as well as SNAT, DNAT targets.
 606 endef
 607
 608 $(eval $(call KernelPackage,ebtables-ipv4))
 609
 610
 611 define KernelPackage/ebtables-ipv6
 612   TITLE:=ebtables: IPv6 support
 613   FILES:=$(foreach mod,$(EBTABLES_IP6-m),$(LINUX_DIR)/net/$(mod).ko)
 614   KCONFIG:=$(KCONFIG_EBTABLES_IP6)
 615   AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES_IP6-m)))
 616   $(call AddDepends/ebtables)
 617 endef
 618
 619 define KernelPackage/ebtables-ipv6/description
 620  This option adds the IPv6 support to ebtables, which allows basic
 621  IPv6 header field filtering and target support.
 622 endef
 623
 624 $(eval $(call KernelPackage,ebtables-ipv6))
 625
 626
 627 define KernelPackage/ebtables-watchers
 628   TITLE:=ebtables: watchers support
 629   FILES:=$(foreach mod,$(EBTABLES_WATCHERS-m),$(LINUX_DIR)/net/$(mod).ko)
 630   KCONFIG:=$(KCONFIG_EBTABLES_WATCHERS)
 631   AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES_WATCHERS-m)))
 632   $(call AddDepends/ebtables)
 633 endef
 634
 635 define KernelPackage/ebtables-watchers/description
 636  This option adds the log watchers, that you can use in any rule
 637  in any ebtables table.
 638 endef
 639
 640 $(eval $(call KernelPackage,ebtables-watchers))
 641
 642
 643 define KernelPackage/nfnetlink
 644   SUBMENU:=$(NF_MENU)
 645   TITLE:=Netlink-based userspace interface
 646   FILES:=$(foreach mod,$(NFNETLINK-m),$(LINUX_DIR)/net/$(mod).ko)
 647   KCONFIG:=$(KCONFIG_NFNETLINK)
 648   AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK-m)))
 649 endef
 650
 651 define KernelPackage/nfnetlink/description
 652  Kernel modules support for a netlink-based userspace interface
 653 endef
 654
 655 $(eval $(call KernelPackage,nfnetlink))
 656
 657
 658 define AddDepends/nfnetlink
 659   SUBMENU:=$(NF_MENU)
 660   DEPENDS+=+kmod-nfnetlink $(1)
 661 endef
 662
 663
 664 define KernelPackage/nfnetlink-log
 665   TITLE:=Netfilter LOG over NFNETLINK interface
 666   FILES:=$(foreach mod,$(NFNETLINK_LOG-m),$(LINUX_DIR)/net/$(mod).ko)
 667   KCONFIG:=$(KCONFIG_NFNETLINK_LOG)
 668   AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK_LOG-m)))
 669   $(call AddDepends/nfnetlink)
 670 endef
 671
 672 define KernelPackage/nfnetlink-log/description
 673  Kernel modules support for logging packets via NFNETLINK
 674  Includes:
 675  - NFLOG
 676 endef
 677
 678 $(eval $(call KernelPackage,nfnetlink-log))
 679
 680
 681 define KernelPackage/nfnetlink-queue
 682   TITLE:=Netfilter QUEUE over NFNETLINK interface
 683   FILES:=$(foreach mod,$(NFNETLINK_QUEUE-m),$(LINUX_DIR)/net/$(mod).ko)
 684   KCONFIG:=$(KCONFIG_NFNETLINK_QUEUE)
 685   AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK_QUEUE-m)))
 686   $(call AddDepends/nfnetlink)
 687 endef
 688
 689 define KernelPackage/nfnetlink-queue/description
 690  Kernel modules support for queueing packets via NFNETLINK
 691  Includes:
 692  - NFQUEUE
 693 endef
 694
 695 $(eval $(call KernelPackage,nfnetlink-queue))
 696
 697
 698 define KernelPackage/nf-conntrack-netlink
 699   TITLE:=Connection tracking netlink interface
 700   FILES:=$(LINUX_DIR)/net/netfilter/nf_conntrack_netlink.ko
 701   KCONFIG:=CONFIG_NF_CT_NETLINK
 702   AUTOLOAD:=$(call AutoProbe,nf_conntrack_netlink)
 703   $(call AddDepends/nfnetlink,+kmod-ipt-conntrack)
 704 endef
 705
 706 define KernelPackage/nf-conntrack-netlink/description
 707  Kernel modules support for a netlink-based connection tracking
 708  userspace interface
 709 endef
 710
 711 $(eval $(call KernelPackage,nf-conntrack-netlink))
 712
 713 define KernelPackage/ipt-hashlimit
 714   SUBMENU:=$(NF_MENU)
 715   TITLE:=Netfilter hashlimit match
 716   DEPENDS:=+kmod-ipt-core
 717   KCONFIG:=$(KCONFIG_IPT_HASHLIMIT)
 718   FILES:=$(LINUX_DIR)/net/netfilter/xt_hashlimit.ko
 719   AUTOLOAD:=$(call AutoProbe,xt_hashlimit)
 720   $(call KernelPackage/ipt)
 721 endef
 722
 723 define KernelPackage/ipt-hashlimit/description
 724  Kernel modules support for the hashlimit bucket match module
 725 endef
 726
 727 $(eval $(call KernelPackage,ipt-hashlimit))
 728
 729
 730 define KernelPackage/nft-core
 731   SUBMENU:=$(NF_MENU)
 732   TITLE:=Netfilter nf_tables support
 733   DEPENDS:=+kmod-nfnetlink +kmod-nf-conntrack6
 734   FILES:=$(foreach mod,$(NFT_CORE-m),$(LINUX_DIR)/net/$(mod).ko)
 735   AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_CORE-m)))
 736   KCONFIG:= \
 737         CONFIG_NETFILTER=y \
 738         CONFIG_NETFILTER_ADVANCED=y \
 739         CONFIG_NFT_COMPAT=n \
 740         CONFIG_NFT_QUEUE=n \
 741         CONFIG_NF_TABLES_ARP=n \
 742         CONFIG_NF_TABLES_BRIDGE=n \
 743         $(KCONFIG_NFT_CORE)
 744 endef
 745
 746 define KernelPackage/nft-core/description
 747  Kernel module support for nftables
 748 endef
 749
 750 $(eval $(call KernelPackage,nft-core))
 751
 752
 753 define KernelPackage/nft-nat
 754   SUBMENU:=$(NF_MENU)
 755   TITLE:=Netfilter nf_tables NAT support
 756   DEPENDS:=+kmod-nft-core +kmod-nf-nat
 757   FILES:=$(foreach mod,$(NFT_NAT-m),$(LINUX_DIR)/net/$(mod).ko)
 758   AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_NAT-m)))
 759   KCONFIG:=$(KCONFIG_NFT_NAT)
 760 endef
 761
 762 $(eval $(call KernelPackage,nft-nat))
 763
 764
 765 define KernelPackage/nft-nat6
 766   SUBMENU:=$(NF_MENU)
 767   TITLE:=Netfilter nf_tables IPv6-NAT support
 768   DEPENDS:=+kmod-nft-core +kmod-nf-nat6
 769   FILES:=$(foreach mod,$(NFT_NAT6-m),$(LINUX_DIR)/net/$(mod).ko)
 770   AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_NAT6-m)))
 771   KCONFIG:=$(KCONFIG_NFT_NAT6)
 772 endef
 773
 774 $(eval $(call KernelPackage,nft-nat6))
 775