projects / openwrt / staging / rmilecki.git / blob
? search:


6876f245dfebd2a681e6a3a27fd67604c7491b3e
[openwrt/staging/rmilecki.git] / package / kernel / linux / modules / netfilter.mk
1
2 #
3 # Copyright (C) 2006-2010 OpenWrt.org
4 #
5 # This is free software, licensed under the GNU General Public License v2.
6 # See /LICENSE for more information.
7 #
8
9 NF_MENU:=Netfilter Extensions
10 NF_KMOD:=1
11 include $(INCLUDE_DIR)/netfilter.mk
12
13
14 define KernelPackage/nf-ipt
15 SUBMENU:=$(NF_MENU)
16 TITLE:=Iptables core
17 KCONFIG:= \
18 CONFIG_NETFILTER=y \
19 CONFIG_NETFILTER_ADVANCED=y \
20 $(KCONFIG_NF_IPT)
21 FILES:=$(foreach mod,$(NF_IPT-m),$(LINUX_DIR)/net/$(mod).ko)
22 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_IPT-m)))
23 endef
24
25 $(eval $(call KernelPackage,nf-ipt))
26
27
28 define KernelPackage/nf-ipt6
29 SUBMENU:=$(NF_MENU)
30 TITLE:=Ip6tables core
31 KCONFIG:=$(KCONFIG_NF_IPT6)
32 FILES:=$(foreach mod,$(NF_IPT6-m),$(LINUX_DIR)/net/$(mod).ko)
33 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_IPT6-m)))
34 DEPENDS:=+kmod-nf-ipt +kmod-nf-conntrack6
35 endef
36
37 $(eval $(call KernelPackage,nf-ipt6))
38
39
40
41 define KernelPackage/ipt-core
42 SUBMENU:=$(NF_MENU)
43 TITLE:=Iptables core
44 KCONFIG:=$(KCONFIG_IPT_CORE)
45 FILES:=$(foreach mod,$(IPT_CORE-m),$(LINUX_DIR)/net/$(mod).ko)
46 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CORE-m)))
47 DEPENDS:=+kmod-nf-ipt
48 endef
49
50 define KernelPackage/ipt-core/description
51 Netfilter core kernel modules
52 Includes:
53 - comment
54 - limit
55 - LOG
56 - mac
57 - multiport
58 - REJECT
59 - TCPMSS
60 endef
61
62 $(eval $(call KernelPackage,ipt-core))
63
64
65 define KernelPackage/nf-conntrack
66 SUBMENU:=$(NF_MENU)
67 TITLE:=Netfilter connection tracking
68 KCONFIG:= \
69 CONFIG_NETFILTER=y \
70 CONFIG_NETFILTER_ADVANCED=y \
71 CONFIG_NF_CONNTRACK_ZONES=y \
72 $(KCONFIG_NF_CONNTRACK)
73 FILES:=$(foreach mod,$(NF_CONNTRACK-m),$(LINUX_DIR)/net/$(mod).ko)
74 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_CONNTRACK-m)))
75 endef
76
77 $(eval $(call KernelPackage,nf-conntrack))
78
79
80 define KernelPackage/nf-conntrack6
81 SUBMENU:=$(NF_MENU)
82 TITLE:=Netfilter IPv6 connection tracking
83 KCONFIG:=$(KCONFIG_NF_CONNTRACK6)
84 DEPENDS:=@IPV6 +kmod-nf-conntrack
85 FILES:=$(foreach mod,$(NF_CONNTRACK6-m),$(LINUX_DIR)/net/$(mod).ko)
86 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_CONNTRACK6-m)))
87 endef
88
89 $(eval $(call KernelPackage,nf-conntrack6))
90
91
92 define KernelPackage/nf-nat
93 SUBMENU:=$(NF_MENU)
94 TITLE:=Netfilter NAT
95 KCONFIG:=$(KCONFIG_NF_NAT)
96 DEPENDS:=+kmod-nf-conntrack +kmod-nf-ipt
97 FILES:=$(foreach mod,$(NF_NAT-m),$(LINUX_DIR)/net/$(mod).ko)
98 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NAT-m)))
99 endef
100
101 $(eval $(call KernelPackage,nf-nat))
102
103
104 define KernelPackage/nf-nat6
105 SUBMENU:=$(NF_MENU)
106 TITLE:=Netfilter IPV6-NAT
107 KCONFIG:=$(KCONFIG_NF_NAT6)
108 DEPENDS:=+kmod-nf-conntrack6 +kmod-nf-ipt6 +kmod-nf-nat
109 FILES:=$(foreach mod,$(NF_NAT6-m),$(LINUX_DIR)/net/$(mod).ko)
110 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NAT6-m)))
111 endef
112
113 $(eval $(call KernelPackage,nf-nat6))
114
115
116 define AddDepends/ipt
117 SUBMENU:=$(NF_MENU)
118 DEPENDS+= +kmod-ipt-core $(1)
119 endef
120
121
122 define KernelPackage/ipt-conntrack
123 TITLE:=Basic connection tracking modules
124 KCONFIG:=$(KCONFIG_IPT_CONNTRACK)
125 FILES:=$(foreach mod,$(IPT_CONNTRACK-m),$(LINUX_DIR)/net/$(mod).ko)
126 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CONNTRACK-m)))
127 $(call AddDepends/ipt,+kmod-nf-conntrack)
128 endef
129
130 define KernelPackage/ipt-conntrack/description
131 Netfilter (IPv4) kernel modules for connection tracking
132 Includes:
133 - conntrack
134 - defrag
135 - iptables_raw
136 - NOTRACK
137 - state
138 endef
139
140 $(eval $(call KernelPackage,ipt-conntrack))
141
142
143 define KernelPackage/ipt-conntrack-extra
144 TITLE:=Extra connection tracking modules
145 KCONFIG:=$(KCONFIG_IPT_CONNTRACK_EXTRA)
146 FILES:=$(foreach mod,$(IPT_CONNTRACK_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
147 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CONNTRACK_EXTRA-m)))
148 $(call AddDepends/ipt,+kmod-ipt-conntrack)
149 endef
150
151 define KernelPackage/ipt-conntrack-extra/description
152 Netfilter (IPv4) extra kernel modules for connection tracking
153 Includes:
154 - connbytes
155 - connmark/CONNMARK
156 - conntrack
157 - helper
158 - recent
159 endef
160
161 $(eval $(call KernelPackage,ipt-conntrack-extra))
162
163
164 define KernelPackage/ipt-filter
165 TITLE:=Modules for packet content inspection
166 KCONFIG:=$(KCONFIG_IPT_FILTER)
167 FILES:=$(foreach mod,$(IPT_FILTER-m),$(LINUX_DIR)/net/$(mod).ko)
168 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_FILTER-m)))
169 $(call AddDepends/ipt,+kmod-lib-textsearch +kmod-ipt-conntrack)
170 endef
171
172 define KernelPackage/ipt-filter/description
173 Netfilter (IPv4) kernel modules for packet content inspection
174 Includes:
175 - string
176 endef
177
178 $(eval $(call KernelPackage,ipt-filter))
179
180
181 define KernelPackage/ipt-ipopt
182 TITLE:=Modules for matching/changing IP packet options
183 KCONFIG:=$(KCONFIG_IPT_IPOPT)
184 FILES:=$(foreach mod,$(IPT_IPOPT-m),$(LINUX_DIR)/net/$(mod).ko)
185 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_IPOPT-m)))
186 $(call AddDepends/ipt)
187 endef
188
189 define KernelPackage/ipt-ipopt/description
190 Netfilter (IPv4) modules for matching/changing IP packet options
191 Includes:
192 - CLASSIFY
193 - dscp/DSCP
194 - ecn/ECN
195 - hl/HL
196 - length
197 - mark/MARK
198 - statistic
199 - tcpmss
200 - time
201 - ttl/TTL
202 - unclean
203 endef
204
205 $(eval $(call KernelPackage,ipt-ipopt))
206
207
208 define KernelPackage/ipt-ipsec
209 TITLE:=Modules for matching IPSec packets
210 KCONFIG:=$(KCONFIG_IPT_IPSEC)
211 FILES:=$(foreach mod,$(IPT_IPSEC-m),$(LINUX_DIR)/net/$(mod).ko)
212 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_IPSEC-m)))
213 $(call AddDepends/ipt)
214 endef
215
216 define KernelPackage/ipt-ipsec/description
217 Netfilter (IPv4) modules for matching IPSec packets
218 Includes:
219 - ah
220 - esp
221 - policy
222 endef
223
224 $(eval $(call KernelPackage,ipt-ipsec))
225
226 IPSET_MODULES:= \
227 ipset/ip_set \
228 ipset/ip_set_bitmap_ip \
229 ipset/ip_set_bitmap_ipmac \
230 ipset/ip_set_bitmap_port \
231 ipset/ip_set_hash_ip \
232 ipset/ip_set_hash_ipmark \
233 ipset/ip_set_hash_ipport \
234 ipset/ip_set_hash_ipportip \
235 ipset/ip_set_hash_ipportnet \
236 ipset/ip_set_hash_mac \
237 ipset/ip_set_hash_netportnet \
238 ipset/ip_set_hash_net \
239 ipset/ip_set_hash_netnet \
240 ipset/ip_set_hash_netport \
241 ipset/ip_set_hash_netiface \
242 ipset/ip_set_list_set \
243 xt_set
244
245 define KernelPackage/ipt-ipset
246 SUBMENU:=Netfilter Extensions
247 TITLE:=IPset netfilter modules
248 DEPENDS+= +kmod-ipt-core +kmod-nfnetlink
249 KCONFIG:= \
250 CONFIG_IP_SET \
251 CONFIG_IP_SET_MAX=256 \
252 CONFIG_NETFILTER_XT_SET \
253 CONFIG_IP_SET_BITMAP_IP \
254 CONFIG_IP_SET_BITMAP_IPMAC \
255 CONFIG_IP_SET_BITMAP_PORT \
256 CONFIG_IP_SET_HASH_IP \
257 CONFIG_IP_SET_HASH_IPMARK \
258 CONFIG_IP_SET_HASH_IPPORT \
259 CONFIG_IP_SET_HASH_IPPORTIP \
260 CONFIG_IP_SET_HASH_IPPORTNET \
261 CONFIG_IP_SET_HASH_MAC \
262 CONFIG_IP_SET_HASH_NET \
263 CONFIG_IP_SET_HASH_NETNET \
264 CONFIG_IP_SET_HASH_NETIFACE \
265 CONFIG_IP_SET_HASH_NETPORT \
266 CONFIG_IP_SET_HASH_NETPORTNET \
267 CONFIG_IP_SET_LIST_SET \
268 CONFIG_NET_EMATCH_IPSET=n
269 FILES:=$(foreach mod,$(IPSET_MODULES),$(LINUX_DIR)/net/netfilter/$(mod).ko)
270 AUTOLOAD:=$(call AutoLoad,49,$(notdir $(IPSET_MODULES)))
271 endef
272 $(eval $(call KernelPackage,ipt-ipset))
273
274
275 define KernelPackage/ipt-nat
276 TITLE:=Basic NAT targets
277 KCONFIG:=$(KCONFIG_IPT_NAT)
278 FILES:=$(foreach mod,$(IPT_NAT-m),$(LINUX_DIR)/net/$(mod).ko)
279 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NAT-m)))
280 $(call AddDepends/ipt,+kmod-nf-nat)
281 endef
282
283 define KernelPackage/ipt-nat/description
284 Netfilter (IPv4) kernel modules for basic NAT targets
285 Includes:
286 - MASQUERADE
287 endef
288
289 $(eval $(call KernelPackage,ipt-nat))
290
291
292 define KernelPackage/ipt-nat6
293 TITLE:=IPv6 NAT targets
294 KCONFIG:=$(KCONFIG_IPT_NAT6)
295 FILES:=$(foreach mod,$(IPT_NAT6-m),$(LINUX_DIR)/net/$(mod).ko)
296 AUTOLOAD:=$(call AutoLoad,43,$(notdir $(IPT_NAT6-m)))
297 $(call AddDepends/ipt,+kmod-nf-nat6)
298 $(call AddDepends/ipt,+kmod-ipt-conntrack)
299 $(call AddDepends/ipt,+kmod-ipt-nat)
300 $(call AddDepends/ipt,+kmod-ip6tables)
301 endef
302
303 define KernelPackage/ipt-nat6/description
304 Netfilter (IPv6) kernel modules for NAT targets
305 endef
306
307 $(eval $(call KernelPackage,ipt-nat6))
308
309
310 define KernelPackage/ipt-nat-extra
311 TITLE:=Extra NAT targets
312 KCONFIG:=$(KCONFIG_IPT_NAT_EXTRA)
313 FILES:=$(foreach mod,$(IPT_NAT_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
314 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NAT_EXTRA-m)))
315 $(call AddDepends/ipt,+kmod-ipt-nat)
316 endef
317
318 define KernelPackage/ipt-nat-extra/description
319 Netfilter (IPv4) kernel modules for extra NAT targets
320 Includes:
321 - NETMAP
322 - REDIRECT
323 endef
324
325 $(eval $(call KernelPackage,ipt-nat-extra))
326
327
328 define KernelPackage/nf-nathelper
329 SUBMENU:=$(NF_MENU)
330 TITLE:=Basic Conntrack and NAT helpers
331 KCONFIG:=$(KCONFIG_NF_NATHELPER)
332 FILES:=$(foreach mod,$(NF_NATHELPER-m),$(LINUX_DIR)/net/$(mod).ko)
333 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NATHELPER-m)))
334 DEPENDS:=+kmod-nf-nat
335 endef
336
337 define KernelPackage/nf-nathelper/description
338 Default Netfilter (IPv4) Conntrack and NAT helpers
339 Includes:
340 - ftp
341 - irc
342 - tftp
343 endef
344
345 $(eval $(call KernelPackage,nf-nathelper))
346
347
348 define KernelPackage/nf-nathelper-extra
349 SUBMENU:=$(NF_MENU)
350 TITLE:=Extra Conntrack and NAT helpers
351 KCONFIG:=$(KCONFIG_NF_NATHELPER_EXTRA)
352 FILES:=$(foreach mod,$(NF_NATHELPER_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
353 AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NATHELPER_EXTRA-m)))
354 DEPENDS:=+kmod-nf-nat +kmod-lib-textsearch
355 endef
356
357 define KernelPackage/nf-nathelper-extra/description
358 Extra Netfilter (IPv4) Conntrack and NAT helpers
359 Includes:
360 - amanda
361 - h323
362 - mms
363 - pptp
364 - proto_gre
365 - sip
366 - snmp_basic
367 - broadcast
368 endef
369
370 $(eval $(call KernelPackage,nf-nathelper-extra))
371
372
373 define KernelPackage/ipt-ulog
374 TITLE:=Module for user-space packet logging
375 KCONFIG:=$(KCONFIG_IPT_ULOG)
376 FILES:=$(foreach mod,$(IPT_ULOG-m),$(LINUX_DIR)/net/$(mod).ko)
377 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_ULOG-m)))
378 $(call AddDepends/ipt)
379 endef
380
381 define KernelPackage/ipt-ulog/description
382 Netfilter (IPv4) module for user-space packet logging
383 Includes:
384 - ULOG
385 endef
386
387 $(eval $(call KernelPackage,ipt-ulog))
388
389
390 define KernelPackage/ipt-nflog
391 TITLE:=Module for user-space packet logging
392 KCONFIG:=$(KCONFIG_IPT_NFLOG)
393 FILES:=$(foreach mod,$(IPT_NFLOG-m),$(LINUX_DIR)/net/$(mod).ko)
394 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NFLOG-m)))
395 $(call AddDepends/ipt,+kmod-nfnetlink-log)
396 endef
397
398 define KernelPackage/ipt-nflog/description
399 Netfilter module for user-space packet logging
400 Includes:
401 - NFLOG
402 endef
403
404 $(eval $(call KernelPackage,ipt-nflog))
405
406
407 define KernelPackage/ipt-nfqueue
408 TITLE:=Module for user-space packet queuing
409 KCONFIG:=$(KCONFIG_IPT_NFQUEUE)
410 FILES:=$(foreach mod,$(IPT_NFQUEUE-m),$(LINUX_DIR)/net/$(mod).ko)
411 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NFQUEUE-m)))
412 $(call AddDepends/ipt,+kmod-nfnetlink-queue)
413 endef
414
415 define KernelPackage/ipt-nfqueue/description
416 Netfilter module for user-space packet queuing
417 Includes:
418 - NFQUEUE
419 endef
420
421 $(eval $(call KernelPackage,ipt-nfqueue))
422
423
424 define KernelPackage/ipt-debug
425 TITLE:=Module for debugging/development
426 KCONFIG:=$(KCONFIG_IPT_DEBUG)
427 DEFAULT:=n
428 FILES:=$(foreach mod,$(IPT_DEBUG-m),$(LINUX_DIR)/net/$(mod).ko)
429 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_DEBUG-m)))
430 $(call AddDepends/ipt)
431 endef
432
433 define KernelPackage/ipt-debug/description
434 Netfilter modules for debugging/development of the firewall
435 Includes:
436 - TRACE
437 endef
438
439 $(eval $(call KernelPackage,ipt-debug))
440
441
442 define KernelPackage/ipt-led
443 TITLE:=Module to trigger a LED with a Netfilter rule
444 KCONFIG:=$(KCONFIG_IPT_LED)
445 FILES:=$(foreach mod,$(IPT_LED-m),$(LINUX_DIR)/net/$(mod).ko)
446 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_LED-m)))
447 $(call AddDepends/ipt)
448 endef
449
450 define KernelPackage/ipt-led/description
451 Netfilter target to trigger a LED when a network packet is matched.
452 endef
453
454 $(eval $(call KernelPackage,ipt-led))
455
456 define KernelPackage/ipt-tproxy
457 TITLE:=Transparent proxying support
458 DEPENDS+=+kmod-ipt-conntrack +IPV6:kmod-ip6tables
459 KCONFIG:= \
460 CONFIG_NETFILTER_TPROXY \
461 CONFIG_NETFILTER_XT_MATCH_SOCKET \
462 CONFIG_NETFILTER_XT_TARGET_TPROXY
463 FILES:= \
464 $(foreach mod,$(IPT_TPROXY-m),$(LINUX_DIR)/net/$(mod).ko)
465 AUTOLOAD:=$(call AutoProbe,$(notdir nf_tproxy_core $(IPT_TPROXY-m)))
466 $(call AddDepends/ipt)
467 endef
468
469 define KernelPackage/ipt-tproxy/description
470 Kernel modules for Transparent Proxying
471 endef
472
473 $(eval $(call KernelPackage,ipt-tproxy))
474
475 define KernelPackage/ipt-tee
476 TITLE:=TEE support
477 DEPENDS:=+kmod-ipt-conntrack @!LINUX_4_4
478 KCONFIG:= \
479 CONFIG_NETFILTER_XT_TARGET_TEE
480 FILES:= \
481 $(LINUX_DIR)/net/netfilter/xt_TEE.ko \
482 $(foreach mod,$(IPT_TEE-m),$(LINUX_DIR)/net/$(mod).ko)
483 AUTOLOAD:=$(call AutoProbe,$(notdir nf_tee $(IPT_TEE-m)))
484 $(call AddDepends/ipt)
485 endef
486
487 define KernelPackage/ipt-tee/description
488 Kernel modules for TEE
489 endef
490
491 $(eval $(call KernelPackage,ipt-tee))
492
493
494 define KernelPackage/ipt-u32
495 TITLE:=U32 support
496 KCONFIG:= \
497 CONFIG_NETFILTER_XT_MATCH_U32
498 FILES:= \
499 $(LINUX_DIR)/net/netfilter/xt_u32.ko \
500 $(foreach mod,$(IPT_U32-m),$(LINUX_DIR)/net/$(mod).ko)
501 AUTOLOAD:=$(call AutoProbe,$(notdir nf_tee $(IPT_U32-m)))
502 $(call AddDepends/ipt)
503 endef
504
505 define KernelPackage/ipt-u32/description
506 Kernel modules for U32
507 endef
508
509 $(eval $(call KernelPackage,ipt-u32))
510
511
512 define KernelPackage/ipt-iprange
513 TITLE:=Module for matching ip ranges
514 KCONFIG:=$(KCONFIG_IPT_IPRANGE)
515 FILES:=$(foreach mod,$(IPT_IPRANGE-m),$(LINUX_DIR)/net/$(mod).ko)
516 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_IPRANGE-m)))
517 $(call AddDepends/ipt)
518 endef
519
520 define KernelPackage/ipt-iprange/description
521 Netfilter (IPv4) module for matching ip ranges
522 Includes:
523 - iprange
524 endef
525
526 $(eval $(call KernelPackage,ipt-iprange))
527
528 define KernelPackage/ipt-cluster
529 TITLE:=Module for matching cluster
530 KCONFIG:=$(KCONFIG_IPT_CLUSTER)
531 FILES:=$(foreach mod,$(IPT_CLUSTER-m),$(LINUX_DIR)/net/$(mod).ko)
532 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CLUSTER-m)))
533 $(call AddDepends/ipt)
534 endef
535
536 define KernelPackage/ipt-cluster/description
537 Netfilter (IPv4/IPv6) module for matching cluster
538 This option allows you to build work-load-sharing clusters of
539 network servers/stateful firewalls without having a dedicated
540 load-balancing router/server/switch. Basically, this match returns
541 true when the packet must be handled by this cluster node. Thus,
542 all nodes see all packets and this match decides which node handles
543 what packets. The work-load sharing algorithm is based on source
544 address hashing.
545
546 This module is usable for ipv4 and ipv6.
547
548 To use it also enable iptables-mod-cluster
549
550 see `iptables -m cluster --help` for more information.
551 endef
552
553 $(eval $(call KernelPackage,ipt-cluster))
554
555 define KernelPackage/ipt-clusterip
556 TITLE:=Module for CLUSTERIP
557 KCONFIG:=$(KCONFIG_IPT_CLUSTERIP)
558 FILES:=$(foreach mod,$(IPT_CLUSTERIP-m),$(LINUX_DIR)/net/$(mod).ko)
559 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CLUSTERIP-m)))
560 $(call AddDepends/ipt,+kmod-nf-conntrack)
561 endef
562
563 define KernelPackage/ipt-clusterip/description
564 Netfilter (IPv4-only) module for CLUSTERIP
565 The CLUSTERIP target allows you to build load-balancing clusters of
566 network servers without having a dedicated load-balancing
567 router/server/switch.
568
569 To use it also enable iptables-mod-clusterip
570
571 see `iptables -j CLUSTERIP --help` for more information.
572 endef
573
574 $(eval $(call KernelPackage,ipt-clusterip))
575
576
577 define KernelPackage/ipt-extra
578 TITLE:=Extra modules
579 KCONFIG:=$(KCONFIG_IPT_EXTRA)
580 FILES:=$(foreach mod,$(IPT_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
581 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_EXTRA-m)))
582 $(call AddDepends/ipt,+kmod-br-netfilter)
583 endef
584
585 define KernelPackage/ipt-extra/description
586 Other Netfilter (IPv4) kernel modules
587 Includes:
588 - addrtype
589 - owner
590 - physdev (if bridge support was enabled in kernel)
591 - pkttype
592 - quota
593 endef
594
595 $(eval $(call KernelPackage,ipt-extra))
596
597
598 define KernelPackage/ip6tables
599 SUBMENU:=$(NF_MENU)
600 TITLE:=IPv6 modules
601 DEPENDS:=+kmod-nf-ipt6 +kmod-ipt-core +kmod-ipt-conntrack
602 KCONFIG:=$(KCONFIG_IPT_IPV6)
603 FILES:=$(foreach mod,$(IPT_IPV6-m),$(LINUX_DIR)/net/$(mod).ko)
604 AUTOLOAD:=$(call AutoLoad,42,$(notdir $(IPT_IPV6-m)))
605 endef
606
607 define KernelPackage/ip6tables/description
608 Netfilter IPv6 firewalling support
609 endef
610
611 $(eval $(call KernelPackage,ip6tables))
612
613 define KernelPackage/ip6tables-extra
614 SUBMENU:=$(NF_MENU)
615 TITLE:=Extra IPv6 modules
616 DEPENDS:=+kmod-ip6tables
617 KCONFIG:=$(KCONFIG_IPT_IPV6_EXTRA)
618 FILES:=$(foreach mod,$(IPT_IPV6_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
619 AUTOLOAD:=$(call AutoLoad,43,$(notdir $(IPT_IPV6_EXTRA-m)))
620 endef
621
622 define KernelPackage/ip6tables-extra/description
623 Netfilter IPv6 extra header matching modules
624 endef
625
626 $(eval $(call KernelPackage,ip6tables-extra))
627
628 ARP_MODULES = arp_tables arpt_mangle arptable_filter
629 define KernelPackage/arptables
630 SUBMENU:=$(NF_MENU)
631 TITLE:=ARP firewalling modules
632 DEPENDS:=+kmod-ipt-core
633 FILES:=$(LINUX_DIR)/net/ipv4/netfilter/arp*.ko
634 KCONFIG:=CONFIG_IP_NF_ARPTABLES \
635 CONFIG_IP_NF_ARPFILTER \
636 CONFIG_IP_NF_ARP_MANGLE
637 AUTOLOAD:=$(call AutoProbe,$(ARP_MODULES))
638 endef
639
640 define KernelPackage/arptables/description
641 Kernel modules for ARP firewalling
642 endef
643
644 $(eval $(call KernelPackage,arptables))
645
646
647 define KernelPackage/br-netfilter
648 SUBMENU:=$(NF_MENU)
649 TITLE:=Bridge netfilter support modules
650 HIDDEN:=1
651 DEPENDS:=+kmod-ipt-core +kmod-bridge
652 FILES:=$(LINUX_DIR)/net/bridge/br_netfilter.ko
653 KCONFIG:=CONFIG_BRIDGE_NETFILTER
654 AUTOLOAD:=$(call AutoProbe,br_netfilter)
655 endef
656
657 $(eval $(call KernelPackage,br-netfilter))
658
659
660 define KernelPackage/ebtables
661 SUBMENU:=$(NF_MENU)
662 TITLE:=Bridge firewalling modules
663 DEPENDS:=+kmod-ipt-core +kmod-bridge +kmod-br-netfilter
664 FILES:= \
665 $(LINUX_DIR)/net/bridge/br_netfilter.ko \
666 $(foreach mod,$(EBTABLES-m),$(LINUX_DIR)/net/$(mod).ko)
667 KCONFIG:=CONFIG_BRIDGE_NETFILTER \
668 $(KCONFIG_EBTABLES)
669 AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES-m)))
670 endef
671
672 define KernelPackage/ebtables/description
673 ebtables is a general, extensible frame/packet identification
674 framework. It provides you to do Ethernet
675 filtering/NAT/brouting on the Ethernet bridge.
676 endef
677
678 $(eval $(call KernelPackage,ebtables))
679
680
681 define AddDepends/ebtables
682 SUBMENU:=$(NF_MENU)
683 DEPENDS+=kmod-ebtables $(1)
684 endef
685
686
687 define KernelPackage/ebtables-ipv4
688 TITLE:=ebtables: IPv4 support
689 FILES:=$(foreach mod,$(EBTABLES_IP4-m),$(LINUX_DIR)/net/$(mod).ko)
690 KCONFIG:=$(KCONFIG_EBTABLES_IP4)
691 AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES_IP4-m)))
692 $(call AddDepends/ebtables)
693 endef
694
695 define KernelPackage/ebtables-ipv4/description
696 This option adds the IPv4 support to ebtables, which allows basic
697 IPv4 header field filtering, ARP filtering as well as SNAT, DNAT targets.
698 endef
699
700 $(eval $(call KernelPackage,ebtables-ipv4))
701
702
703 define KernelPackage/ebtables-ipv6
704 TITLE:=ebtables: IPv6 support
705 FILES:=$(foreach mod,$(EBTABLES_IP6-m),$(LINUX_DIR)/net/$(mod).ko)
706 KCONFIG:=$(KCONFIG_EBTABLES_IP6)
707 AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES_IP6-m)))
708 $(call AddDepends/ebtables)
709 endef
710
711 define KernelPackage/ebtables-ipv6/description
712 This option adds the IPv6 support to ebtables, which allows basic
713 IPv6 header field filtering and target support.
714 endef
715
716 $(eval $(call KernelPackage,ebtables-ipv6))
717
718
719 define KernelPackage/ebtables-watchers
720 TITLE:=ebtables: watchers support
721 FILES:=$(foreach mod,$(EBTABLES_WATCHERS-m),$(LINUX_DIR)/net/$(mod).ko)
722 KCONFIG:=$(KCONFIG_EBTABLES_WATCHERS)
723 AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES_WATCHERS-m)))
724 $(call AddDepends/ebtables)
725 endef
726
727 define KernelPackage/ebtables-watchers/description
728 This option adds the log watchers, that you can use in any rule
729 in any ebtables table.
730 endef
731
732 $(eval $(call KernelPackage,ebtables-watchers))
733
734
735 define KernelPackage/nfnetlink
736 SUBMENU:=$(NF_MENU)
737 TITLE:=Netlink-based userspace interface
738 FILES:=$(foreach mod,$(NFNETLINK-m),$(LINUX_DIR)/net/$(mod).ko)
739 KCONFIG:=$(KCONFIG_NFNETLINK)
740 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK-m)))
741 endef
742
743 define KernelPackage/nfnetlink/description
744 Kernel modules support for a netlink-based userspace interface
745 endef
746
747 $(eval $(call KernelPackage,nfnetlink))
748
749
750 define AddDepends/nfnetlink
751 SUBMENU:=$(NF_MENU)
752 DEPENDS+=+kmod-nfnetlink $(1)
753 endef
754
755
756 define KernelPackage/nfnetlink-log
757 TITLE:=Netfilter LOG over NFNETLINK interface
758 FILES:=$(foreach mod,$(NFNETLINK_LOG-m),$(LINUX_DIR)/net/$(mod).ko)
759 KCONFIG:=$(KCONFIG_NFNETLINK_LOG)
760 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK_LOG-m)))
761 $(call AddDepends/nfnetlink)
762 endef
763
764 define KernelPackage/nfnetlink-log/description
765 Kernel modules support for logging packets via NFNETLINK
766 Includes:
767 - NFLOG
768 endef
769
770 $(eval $(call KernelPackage,nfnetlink-log))
771
772
773 define KernelPackage/nfnetlink-queue
774 TITLE:=Netfilter QUEUE over NFNETLINK interface
775 FILES:=$(foreach mod,$(NFNETLINK_QUEUE-m),$(LINUX_DIR)/net/$(mod).ko)
776 KCONFIG:=$(KCONFIG_NFNETLINK_QUEUE)
777 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK_QUEUE-m)))
778 $(call AddDepends/nfnetlink)
779 endef
780
781 define KernelPackage/nfnetlink-queue/description
782 Kernel modules support for queueing packets via NFNETLINK
783 Includes:
784 - NFQUEUE
785 endef
786
787 $(eval $(call KernelPackage,nfnetlink-queue))
788
789
790 define KernelPackage/nf-conntrack-netlink
791 TITLE:=Connection tracking netlink interface
792 FILES:=$(LINUX_DIR)/net/netfilter/nf_conntrack_netlink.ko
793 KCONFIG:=CONFIG_NF_CT_NETLINK CONFIG_NF_CONNTRACK_EVENTS=y
794 AUTOLOAD:=$(call AutoProbe,nf_conntrack_netlink)
795 $(call AddDepends/nfnetlink,+kmod-ipt-conntrack)
796 endef
797
798 define KernelPackage/nf-conntrack-netlink/description
799 Kernel modules support for a netlink-based connection tracking
800 userspace interface
801 endef
802
803 $(eval $(call KernelPackage,nf-conntrack-netlink))
804
805 define KernelPackage/ipt-hashlimit
806 SUBMENU:=$(NF_MENU)
807 TITLE:=Netfilter hashlimit match
808 DEPENDS:=+kmod-ipt-core
809 KCONFIG:=$(KCONFIG_IPT_HASHLIMIT)
810 FILES:=$(LINUX_DIR)/net/netfilter/xt_hashlimit.ko
811 AUTOLOAD:=$(call AutoProbe,xt_hashlimit)
812 $(call KernelPackage/ipt)
813 endef
814
815 define KernelPackage/ipt-hashlimit/description
816 Kernel modules support for the hashlimit bucket match module
817 endef
818
819 $(eval $(call KernelPackage,ipt-hashlimit))
820
821
822 define KernelPackage/nft-core
823 SUBMENU:=$(NF_MENU)
824 TITLE:=Netfilter nf_tables support
825 DEPENDS:=+kmod-nfnetlink +kmod-nf-conntrack6
826 FILES:=$(foreach mod,$(NFT_CORE-m),$(LINUX_DIR)/net/$(mod).ko)
827 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_CORE-m)))
828 KCONFIG:= \
829 CONFIG_NETFILTER=y \
830 CONFIG_NETFILTER_ADVANCED=y \
831 CONFIG_NFT_COMPAT=n \
832 CONFIG_NFT_QUEUE=n \
833 CONFIG_NF_TABLES_ARP=n \
834 CONFIG_NF_TABLES_BRIDGE=n \
835 $(KCONFIG_NFT_CORE)
836 endef
837
838 define KernelPackage/nft-core/description
839 Kernel module support for nftables
840 endef
841
842 $(eval $(call KernelPackage,nft-core))
843
844
845 define KernelPackage/nft-nat
846 SUBMENU:=$(NF_MENU)
847 TITLE:=Netfilter nf_tables NAT support
848 DEPENDS:=+kmod-nft-core +kmod-nf-nat
849 FILES:=$(foreach mod,$(NFT_NAT-m),$(LINUX_DIR)/net/$(mod).ko)
850 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_NAT-m)))
851 KCONFIG:=$(KCONFIG_NFT_NAT)
852 endef
853
854 $(eval $(call KernelPackage,nft-nat))
855
856
857 define KernelPackage/nft-nat6
858 SUBMENU:=$(NF_MENU)
859 TITLE:=Netfilter nf_tables IPv6-NAT support
860 DEPENDS:=+kmod-nft-core +kmod-nf-nat6
861 FILES:=$(foreach mod,$(NFT_NAT6-m),$(LINUX_DIR)/net/$(mod).ko)
862 AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_NAT6-m)))
863 KCONFIG:=$(KCONFIG_NFT_NAT6)
864 endef
865
866 $(eval $(call KernelPackage,nft-nat6))
867
Rafal Mileckis staging tree