OpenWrt – Blame information for rev 2
?pathlinks?
Rev | Author | Line No. | Line |
---|---|---|---|
1 | office | 1 | |
2 | # |
||
3 | # Copyright (C) 2006-2010 OpenWrt.org |
||
4 | # |
||
5 | # This is free software, licensed under the GNU General Public License v2. |
||
6 | # See /LICENSE for more information. |
||
7 | # |
||
8 | |||
9 | NF_MENU:=Netfilter Extensions |
||
10 | NF_KMOD:=1 |
||
11 | include $(INCLUDE_DIR)/netfilter.mk |
||
12 | |||
13 | |||
14 | define KernelPackage/nf-reject |
||
15 | SUBMENU:=$(NF_MENU) |
||
16 | TITLE:=Netfilter IPv4 reject support |
||
17 | KCONFIG:= \ |
||
18 | CONFIG_NETFILTER=y \ |
||
19 | CONFIG_NETFILTER_ADVANCED=y \ |
||
20 | $(KCONFIG_NF_REJECT) |
||
21 | FILES:=$(foreach mod,$(NF_REJECT-m),$(LINUX_DIR)/net/$(mod).ko) |
||
22 | AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_REJECT-m))) |
||
23 | endef |
||
24 | |||
25 | $(eval $(call KernelPackage,nf-reject)) |
||
26 | |||
27 | |||
28 | define KernelPackage/nf-reject6 |
||
29 | SUBMENU:=$(NF_MENU) |
||
30 | TITLE:=Netfilter IPv6 reject support |
||
31 | KCONFIG:= \ |
||
32 | CONFIG_NETFILTER=y \ |
||
33 | CONFIG_NETFILTER_ADVANCED=y \ |
||
34 | $(KCONFIG_NF_REJECT6) |
||
35 | DEPENDS:=@IPV6 |
||
36 | FILES:=$(foreach mod,$(NF_REJECT6-m),$(LINUX_DIR)/net/$(mod).ko) |
||
37 | AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_REJECT6-m))) |
||
38 | endef |
||
39 | |||
40 | $(eval $(call KernelPackage,nf-reject6)) |
||
41 | |||
42 | |||
43 | define KernelPackage/nf-ipt |
||
44 | SUBMENU:=$(NF_MENU) |
||
45 | TITLE:=Iptables core |
||
46 | KCONFIG:=$(KCONFIG_NF_IPT) |
||
47 | FILES:=$(foreach mod,$(NF_IPT-m),$(LINUX_DIR)/net/$(mod).ko) |
||
48 | AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_IPT-m))) |
||
49 | endef |
||
50 | |||
51 | $(eval $(call KernelPackage,nf-ipt)) |
||
52 | |||
53 | |||
54 | define KernelPackage/nf-ipt6 |
||
55 | SUBMENU:=$(NF_MENU) |
||
56 | TITLE:=Ip6tables core |
||
57 | KCONFIG:=$(KCONFIG_NF_IPT6) |
||
58 | FILES:=$(foreach mod,$(NF_IPT6-m),$(LINUX_DIR)/net/$(mod).ko) |
||
59 | AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_IPT6-m))) |
||
60 | DEPENDS:=+kmod-nf-ipt |
||
61 | endef |
||
62 | |||
63 | $(eval $(call KernelPackage,nf-ipt6)) |
||
64 | |||
65 | |||
66 | |||
67 | define KernelPackage/ipt-core |
||
68 | SUBMENU:=$(NF_MENU) |
||
69 | TITLE:=Iptables core |
||
70 | KCONFIG:=$(KCONFIG_IPT_CORE) |
||
71 | FILES:=$(foreach mod,$(IPT_CORE-m),$(LINUX_DIR)/net/$(mod).ko) |
||
72 | AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CORE-m))) |
||
73 | DEPENDS:=+kmod-nf-reject +kmod-nf-ipt |
||
74 | endef |
||
75 | |||
76 | define KernelPackage/ipt-core/description |
||
77 | Netfilter core kernel modules |
||
78 | Includes: |
||
79 | - comment |
||
80 | - limit |
||
81 | - LOG |
||
82 | - mac |
||
83 | - multiport |
||
84 | - REJECT |
||
85 | - TCPMSS |
||
86 | endef |
||
87 | |||
88 | $(eval $(call KernelPackage,ipt-core)) |
||
89 | |||
90 | |||
91 | define KernelPackage/nf-conntrack |
||
92 | SUBMENU:=$(NF_MENU) |
||
93 | TITLE:=Netfilter connection tracking |
||
94 | KCONFIG:= \ |
||
95 | CONFIG_NETFILTER=y \ |
||
96 | CONFIG_NETFILTER_ADVANCED=y \ |
||
97 | CONFIG_NF_CONNTRACK_MARK=y \ |
||
98 | CONFIG_NF_CONNTRACK_ZONES=y \ |
||
99 | $(KCONFIG_NF_CONNTRACK) |
||
100 | FILES:=$(foreach mod,$(NF_CONNTRACK-m),$(LINUX_DIR)/net/$(mod).ko) |
||
101 | AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_CONNTRACK-m))) |
||
102 | endef |
||
103 | |||
104 | define KernelPackage/nf-conntrack/install |
||
105 | $(INSTALL_DIR) $(1)/etc/sysctl.d |
||
106 | $(INSTALL_DATA) ./files/sysctl-nf-conntrack.conf $(1)/etc/sysctl.d/11-nf-conntrack.conf |
||
107 | endef |
||
108 | |||
109 | $(eval $(call KernelPackage,nf-conntrack)) |
||
110 | |||
111 | |||
112 | define KernelPackage/nf-conntrack6 |
||
113 | SUBMENU:=$(NF_MENU) |
||
114 | TITLE:=Netfilter IPv6 connection tracking |
||
115 | KCONFIG:=$(KCONFIG_NF_CONNTRACK6) |
||
116 | DEPENDS:=@IPV6 +kmod-nf-conntrack |
||
117 | FILES:=$(foreach mod,$(NF_CONNTRACK6-m),$(LINUX_DIR)/net/$(mod).ko) |
||
118 | AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_CONNTRACK6-m))) |
||
119 | endef |
||
120 | |||
121 | $(eval $(call KernelPackage,nf-conntrack6)) |
||
122 | |||
123 | |||
124 | define KernelPackage/nf-nat |
||
125 | SUBMENU:=$(NF_MENU) |
||
126 | TITLE:=Netfilter NAT |
||
127 | KCONFIG:=$(KCONFIG_NF_NAT) |
||
128 | DEPENDS:=+kmod-nf-conntrack |
||
129 | FILES:=$(foreach mod,$(NF_NAT-m),$(LINUX_DIR)/net/$(mod).ko) |
||
130 | AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NAT-m))) |
||
131 | endef |
||
132 | |||
133 | $(eval $(call KernelPackage,nf-nat)) |
||
134 | |||
135 | |||
136 | define KernelPackage/nf-nat6 |
||
137 | SUBMENU:=$(NF_MENU) |
||
138 | TITLE:=Netfilter IPV6-NAT |
||
139 | KCONFIG:=$(KCONFIG_NF_NAT6) |
||
140 | DEPENDS:=+kmod-nf-conntrack6 +kmod-nf-nat |
||
141 | FILES:=$(foreach mod,$(NF_NAT6-m),$(LINUX_DIR)/net/$(mod).ko) |
||
142 | AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NAT6-m))) |
||
143 | endef |
||
144 | |||
145 | $(eval $(call KernelPackage,nf-nat6)) |
||
146 | |||
147 | |||
148 | define KernelPackage/nf-flow |
||
149 | SUBMENU:=$(NF_MENU) |
||
150 | TITLE:=Netfilter flowtable support |
||
151 | KCONFIG:= \ |
||
152 | CONFIG_NETFILTER_INGRESS=y \ |
||
153 | CONFIG_NF_FLOW_TABLE \ |
||
154 | CONFIG_NF_FLOW_TABLE_HW |
||
155 | DEPENDS:=+kmod-nf-conntrack @!LINUX_3_18 @!LINUX_4_9 |
||
156 | FILES:= \ |
||
157 | $(LINUX_DIR)/net/netfilter/nf_flow_table.ko \ |
||
158 | $(LINUX_DIR)/net/netfilter/nf_flow_table_hw.ko |
||
159 | AUTOLOAD:=$(call AutoProbe,nf_flow_table nf_flow_table_hw) |
||
160 | endef |
||
161 | |||
162 | $(eval $(call KernelPackage,nf-flow)) |
||
163 | |||
164 | |||
165 | define AddDepends/ipt |
||
166 | SUBMENU:=$(NF_MENU) |
||
167 | DEPENDS+= +kmod-ipt-core $(1) |
||
168 | endef |
||
169 | |||
170 | |||
171 | define KernelPackage/ipt-conntrack |
||
172 | TITLE:=Basic connection tracking modules |
||
173 | KCONFIG:=$(KCONFIG_IPT_CONNTRACK) |
||
174 | FILES:=$(foreach mod,$(IPT_CONNTRACK-m),$(LINUX_DIR)/net/$(mod).ko) |
||
175 | AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CONNTRACK-m))) |
||
176 | $(call AddDepends/ipt,+kmod-nf-conntrack) |
||
177 | endef |
||
178 | |||
179 | define KernelPackage/ipt-conntrack/description |
||
180 | Netfilter (IPv4) kernel modules for connection tracking |
||
181 | Includes: |
||
182 | - conntrack |
||
183 | - defrag |
||
184 | - iptables_raw |
||
185 | - NOTRACK |
||
186 | - state |
||
187 | endef |
||
188 | |||
189 | $(eval $(call KernelPackage,ipt-conntrack)) |
||
190 | |||
191 | |||
192 | define KernelPackage/ipt-conntrack-extra |
||
193 | TITLE:=Extra connection tracking modules |
||
194 | KCONFIG:=$(KCONFIG_IPT_CONNTRACK_EXTRA) |
||
195 | FILES:=$(foreach mod,$(IPT_CONNTRACK_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko) |
||
196 | AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CONNTRACK_EXTRA-m))) |
||
197 | $(call AddDepends/ipt,+kmod-ipt-conntrack) |
||
198 | endef |
||
199 | |||
200 | define KernelPackage/ipt-conntrack-extra/description |
||
201 | Netfilter (IPv4) extra kernel modules for connection tracking |
||
202 | Includes: |
||
203 | - connbytes |
||
204 | - connmark/CONNMARK |
||
205 | - conntrack |
||
206 | - helper |
||
207 | - recent |
||
208 | endef |
||
209 | |||
210 | $(eval $(call KernelPackage,ipt-conntrack-extra)) |
||
211 | |||
212 | define KernelPackage/ipt-conntrack-label |
||
213 | TITLE:=Module for handling connection tracking labels |
||
214 | KCONFIG:=$(KCONFIG_IPT_CONNTRACK_LABEL) |
||
215 | FILES:=$(foreach mod,$(IPT_CONNTRACK_LABEL-m),$(LINUX_DIR)/net/$(mod).ko) |
||
216 | AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CONNTRACK_LABEL-m))) |
||
217 | $(call AddDepends/ipt,+kmod-ipt-conntrack) |
||
218 | endef |
||
219 | |||
220 | define KernelPackage/ipt-conntrack-label/description |
||
221 | Netfilter (IPv4) module for handling connection tracking labels |
||
222 | Includes: |
||
223 | - connlabel |
||
224 | endef |
||
225 | |||
226 | $(eval $(call KernelPackage,ipt-conntrack-label)) |
||
227 | |||
228 | define KernelPackage/ipt-filter |
||
229 | TITLE:=Modules for packet content inspection |
||
230 | KCONFIG:=$(KCONFIG_IPT_FILTER) |
||
231 | FILES:=$(foreach mod,$(IPT_FILTER-m),$(LINUX_DIR)/net/$(mod).ko) |
||
232 | AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_FILTER-m))) |
||
233 | $(call AddDepends/ipt,+kmod-lib-textsearch +kmod-ipt-conntrack) |
||
234 | endef |
||
235 | |||
236 | define KernelPackage/ipt-filter/description |
||
237 | Netfilter (IPv4) kernel modules for packet content inspection |
||
238 | Includes: |
||
239 | - string |
||
240 | - bpf |
||
241 | endef |
||
242 | |||
243 | $(eval $(call KernelPackage,ipt-filter)) |
||
244 | |||
245 | |||
246 | define KernelPackage/ipt-offload |
||
247 | TITLE:=Netfilter routing/NAT offload support |
||
248 | KCONFIG:=CONFIG_NETFILTER_XT_TARGET_FLOWOFFLOAD |
||
249 | FILES:=$(foreach mod,$(IPT_FLOW-m),$(LINUX_DIR)/net/$(mod).ko) |
||
250 | AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_FLOW-m))) |
||
251 | $(call AddDepends/ipt,+kmod-nf-flow) |
||
252 | endef |
||
253 | |||
254 | $(eval $(call KernelPackage,ipt-offload)) |
||
255 | |||
256 | |||
257 | define KernelPackage/ipt-ipopt |
||
258 | TITLE:=Modules for matching/changing IP packet options |
||
259 | KCONFIG:=$(KCONFIG_IPT_IPOPT) |
||
260 | FILES:=$(foreach mod,$(IPT_IPOPT-m),$(LINUX_DIR)/net/$(mod).ko) |
||
261 | AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_IPOPT-m))) |
||
262 | $(call AddDepends/ipt) |
||
263 | endef |
||
264 | |||
265 | define KernelPackage/ipt-ipopt/description |
||
266 | Netfilter (IPv4) modules for matching/changing IP packet options |
||
267 | Includes: |
||
268 | - CLASSIFY |
||
269 | - dscp/DSCP |
||
270 | - ecn/ECN |
||
271 | - hl/HL |
||
272 | - length |
||
273 | - mark/MARK |
||
274 | - statistic |
||
275 | - tcpmss |
||
276 | - time |
||
277 | - ttl/TTL |
||
278 | - unclean |
||
279 | endef |
||
280 | |||
281 | $(eval $(call KernelPackage,ipt-ipopt)) |
||
282 | |||
283 | |||
284 | define KernelPackage/ipt-ipsec |
||
285 | TITLE:=Modules for matching IPSec packets |
||
286 | KCONFIG:=$(KCONFIG_IPT_IPSEC) |
||
287 | FILES:=$(foreach mod,$(IPT_IPSEC-m),$(LINUX_DIR)/net/$(mod).ko) |
||
288 | AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_IPSEC-m))) |
||
289 | $(call AddDepends/ipt) |
||
290 | endef |
||
291 | |||
292 | define KernelPackage/ipt-ipsec/description |
||
293 | Netfilter (IPv4) modules for matching IPSec packets |
||
294 | Includes: |
||
295 | - ah |
||
296 | - esp |
||
297 | - policy |
||
298 | endef |
||
299 | |||
300 | $(eval $(call KernelPackage,ipt-ipsec)) |
||
301 | |||
302 | IPSET_MODULES:= \ |
||
303 | ipset/ip_set \ |
||
304 | ipset/ip_set_bitmap_ip \ |
||
305 | ipset/ip_set_bitmap_ipmac \ |
||
306 | ipset/ip_set_bitmap_port \ |
||
307 | ipset/ip_set_hash_ip \ |
||
308 | ipset/ip_set_hash_ipmark \ |
||
309 | ipset/ip_set_hash_ipport \ |
||
310 | ipset/ip_set_hash_ipportip \ |
||
311 | ipset/ip_set_hash_ipportnet \ |
||
312 | ipset/ip_set_hash_mac \ |
||
313 | ipset/ip_set_hash_netportnet \ |
||
314 | ipset/ip_set_hash_net \ |
||
315 | ipset/ip_set_hash_netnet \ |
||
316 | ipset/ip_set_hash_netport \ |
||
317 | ipset/ip_set_hash_netiface \ |
||
318 | ipset/ip_set_list_set \ |
||
319 | xt_set |
||
320 | |||
321 | define KernelPackage/ipt-ipset |
||
322 | SUBMENU:=Netfilter Extensions |
||
323 | TITLE:=IPset netfilter modules |
||
324 | DEPENDS+= +kmod-ipt-core +kmod-nfnetlink |
||
325 | KCONFIG:= \ |
||
326 | CONFIG_IP_SET \ |
||
327 | CONFIG_IP_SET_MAX=256 \ |
||
328 | CONFIG_NETFILTER_XT_SET \ |
||
329 | CONFIG_IP_SET_BITMAP_IP \ |
||
330 | CONFIG_IP_SET_BITMAP_IPMAC \ |
||
331 | CONFIG_IP_SET_BITMAP_PORT \ |
||
332 | CONFIG_IP_SET_HASH_IP \ |
||
333 | CONFIG_IP_SET_HASH_IPMAC \ |
||
334 | CONFIG_IP_SET_HASH_IPMARK \ |
||
335 | CONFIG_IP_SET_HASH_IPPORT \ |
||
336 | CONFIG_IP_SET_HASH_IPPORTIP \ |
||
337 | CONFIG_IP_SET_HASH_IPPORTNET \ |
||
338 | CONFIG_IP_SET_HASH_MAC \ |
||
339 | CONFIG_IP_SET_HASH_NET \ |
||
340 | CONFIG_IP_SET_HASH_NETNET \ |
||
341 | CONFIG_IP_SET_HASH_NETIFACE \ |
||
342 | CONFIG_IP_SET_HASH_NETPORT \ |
||
343 | CONFIG_IP_SET_HASH_NETPORTNET \ |
||
344 | CONFIG_IP_SET_LIST_SET \ |
||
345 | CONFIG_NET_EMATCH_IPSET=n |
||
346 | FILES:=$(foreach mod,$(IPSET_MODULES),$(LINUX_DIR)/net/netfilter/$(mod).ko) |
||
347 | AUTOLOAD:=$(call AutoLoad,49,$(notdir $(IPSET_MODULES))) |
||
348 | endef |
||
349 | $(eval $(call KernelPackage,ipt-ipset)) |
||
350 | |||
351 | |||
352 | IPVS_MODULES:= \ |
||
353 | ipvs/ip_vs \ |
||
354 | ipvs/ip_vs_lc \ |
||
355 | ipvs/ip_vs_wlc \ |
||
356 | ipvs/ip_vs_rr \ |
||
357 | ipvs/ip_vs_wrr \ |
||
358 | ipvs/ip_vs_lblc \ |
||
359 | ipvs/ip_vs_lblcr \ |
||
360 | ipvs/ip_vs_dh \ |
||
361 | ipvs/ip_vs_sh \ |
||
362 | ipvs/ip_vs_fo \ |
||
363 | ipvs/ip_vs_ovf \ |
||
364 | ipvs/ip_vs_nq \ |
||
365 | ipvs/ip_vs_sed \ |
||
366 | xt_ipvs |
||
367 | |||
368 | define KernelPackage/nf-ipvs |
||
369 | SUBMENU:=Netfilter Extensions |
||
370 | TITLE:=IP Virtual Server modules |
||
371 | DEPENDS:=@IPV6 +kmod-lib-crc32c +kmod-ipt-conntrack +kmod-nf-conntrack |
||
372 | KCONFIG:= \ |
||
373 | CONFIG_IP_VS \ |
||
374 | CONFIG_IP_VS_IPV6=y \ |
||
375 | CONFIG_IP_VS_DEBUG=n \ |
||
376 | CONFIG_IP_VS_PROTO_TCP=y \ |
||
377 | CONFIG_IP_VS_PROTO_UDP=y \ |
||
378 | CONFIG_IP_VS_PROTO_AH_ESP=y \ |
||
379 | CONFIG_IP_VS_PROTO_ESP=y \ |
||
380 | CONFIG_IP_VS_PROTO_AH=y \ |
||
381 | CONFIG_IP_VS_PROTO_SCTP=y \ |
||
382 | CONFIG_IP_VS_TAB_BITS=12 \ |
||
383 | CONFIG_IP_VS_RR \ |
||
384 | CONFIG_IP_VS_WRR \ |
||
385 | CONFIG_IP_VS_LC \ |
||
386 | CONFIG_IP_VS_WLC \ |
||
387 | CONFIG_IP_VS_FO \ |
||
388 | CONFIG_IP_VS_OVF \ |
||
389 | CONFIG_IP_VS_LBLC \ |
||
390 | CONFIG_IP_VS_LBLCR \ |
||
391 | CONFIG_IP_VS_DH \ |
||
392 | CONFIG_IP_VS_SH \ |
||
393 | CONFIG_IP_VS_SED \ |
||
394 | CONFIG_IP_VS_NQ \ |
||
395 | CONFIG_IP_VS_SH_TAB_BITS=8 \ |
||
396 | CONFIG_IP_VS_NFCT=y \ |
||
397 | CONFIG_NETFILTER_XT_MATCH_IPVS |
||
398 | FILES:=$(foreach mod,$(IPVS_MODULES),$(LINUX_DIR)/net/netfilter/$(mod).ko) |
||
399 | $(call AddDepends/ipt,+kmod-ipt-conntrack,+kmod-nf-conntrack) |
||
400 | endef |
||
401 | |||
402 | define KernelPackage/nf-ipvs/description |
||
403 | IPVS (IP Virtual Server) implements transport-layer load balancing inside |
||
404 | the Linux kernel so called Layer-4 switching. |
||
405 | endef |
||
406 | |||
407 | $(eval $(call KernelPackage,nf-ipvs)) |
||
408 | |||
409 | |||
410 | define KernelPackage/nf-ipvs-ftp |
||
411 | SUBMENU:=$(NF_MENU) |
||
412 | TITLE:=Virtual Server FTP protocol support |
||
413 | KCONFIG:=CONFIG_IP_VS_FTP |
||
414 | DEPENDS:=kmod-nf-ipvs +kmod-nf-nat +kmod-nf-nathelper |
||
415 | FILES:=$(LINUX_DIR)/net/netfilter/ipvs/ip_vs_ftp.ko |
||
416 | endef |
||
417 | |||
418 | define KernelPackage/nf-ipvs-ftp/description |
||
419 | In the virtual server via Network Address Translation, |
||
420 | the IP address and port number of real servers cannot be sent to |
||
421 | clients in ftp connections directly, so FTP protocol helper is |
||
422 | required for tracking the connection and mangling it back to that of |
||
423 | virtual service. |
||
424 | endef |
||
425 | |||
426 | $(eval $(call KernelPackage,nf-ipvs-ftp)) |
||
427 | |||
428 | |||
429 | define KernelPackage/nf-ipvs-sip |
||
430 | SUBMENU:=$(NF_MENU) |
||
431 | TITLE:=Virtual Server SIP protocol support |
||
432 | KCONFIG:=CONFIG_IP_VS_PE_SIP |
||
433 | DEPENDS:=kmod-nf-ipvs +kmod-nf-nathelper-extra |
||
434 | FILES:=$(LINUX_DIR)/net/netfilter/ipvs/ip_vs_pe_sip.ko |
||
435 | endef |
||
436 | |||
437 | define KernelPackage/nf-ipvs-sip/description |
||
438 | Allow persistence based on the SIP Call-ID |
||
439 | endef |
||
440 | |||
441 | $(eval $(call KernelPackage,nf-ipvs-sip)) |
||
442 | |||
443 | |||
444 | define KernelPackage/ipt-nat |
||
445 | TITLE:=Basic NAT targets |
||
446 | KCONFIG:=$(KCONFIG_IPT_NAT) |
||
447 | FILES:=$(foreach mod,$(IPT_NAT-m),$(LINUX_DIR)/net/$(mod).ko) |
||
448 | AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NAT-m))) |
||
449 | $(call AddDepends/ipt,+kmod-nf-nat) |
||
450 | endef |
||
451 | |||
452 | define KernelPackage/ipt-nat/description |
||
453 | Netfilter (IPv4) kernel modules for basic NAT targets |
||
454 | Includes: |
||
455 | - MASQUERADE |
||
456 | endef |
||
457 | |||
458 | $(eval $(call KernelPackage,ipt-nat)) |
||
459 | |||
460 | |||
461 | define KernelPackage/ipt-raw |
||
462 | TITLE:=Netfilter IPv4 raw table support |
||
463 | KCONFIG:=CONFIG_IP_NF_RAW |
||
464 | FILES:=$(LINUX_DIR)/net/ipv4/netfilter/iptable_raw.ko |
||
465 | AUTOLOAD:=$(call AutoProbe,iptable_raw) |
||
466 | $(call AddDepends/ipt) |
||
467 | endef |
||
468 | |||
469 | $(eval $(call KernelPackage,ipt-raw)) |
||
470 | |||
471 | |||
472 | define KernelPackage/ipt-raw6 |
||
473 | TITLE:=Netfilter IPv6 raw table support |
||
474 | KCONFIG:=CONFIG_IP6_NF_RAW |
||
475 | FILES:=$(LINUX_DIR)/net/ipv6/netfilter/ip6table_raw.ko |
||
476 | AUTOLOAD:=$(call AutoProbe,ip6table_raw) |
||
477 | $(call AddDepends/ipt,+kmod-ip6tables) |
||
478 | endef |
||
479 | |||
480 | $(eval $(call KernelPackage,ipt-raw6)) |
||
481 | |||
482 | |||
483 | define KernelPackage/ipt-nat6 |
||
484 | TITLE:=IPv6 NAT targets |
||
485 | KCONFIG:=$(KCONFIG_IPT_NAT6) |
||
486 | FILES:=$(foreach mod,$(IPT_NAT6-m),$(LINUX_DIR)/net/$(mod).ko) |
||
487 | AUTOLOAD:=$(call AutoLoad,43,$(notdir $(IPT_NAT6-m))) |
||
488 | $(call AddDepends/ipt,+kmod-nf-nat6) |
||
489 | $(call AddDepends/ipt,+kmod-ipt-conntrack) |
||
490 | $(call AddDepends/ipt,+kmod-ipt-nat) |
||
491 | $(call AddDepends/ipt,+kmod-ip6tables) |
||
492 | endef |
||
493 | |||
494 | define KernelPackage/ipt-nat6/description |
||
495 | Netfilter (IPv6) kernel modules for NAT targets |
||
496 | endef |
||
497 | |||
498 | $(eval $(call KernelPackage,ipt-nat6)) |
||
499 | |||
500 | |||
501 | define KernelPackage/ipt-nat-extra |
||
502 | TITLE:=Extra NAT targets |
||
503 | KCONFIG:=$(KCONFIG_IPT_NAT_EXTRA) |
||
504 | FILES:=$(foreach mod,$(IPT_NAT_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko) |
||
505 | AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NAT_EXTRA-m))) |
||
506 | $(call AddDepends/ipt,+kmod-ipt-nat) |
||
507 | endef |
||
508 | |||
509 | define KernelPackage/ipt-nat-extra/description |
||
510 | Netfilter (IPv4) kernel modules for extra NAT targets |
||
511 | Includes: |
||
512 | - NETMAP |
||
513 | - REDIRECT |
||
514 | endef |
||
515 | |||
516 | $(eval $(call KernelPackage,ipt-nat-extra)) |
||
517 | |||
518 | |||
519 | define KernelPackage/nf-nathelper |
||
520 | SUBMENU:=$(NF_MENU) |
||
521 | TITLE:=Basic Conntrack and NAT helpers |
||
522 | KCONFIG:=$(KCONFIG_NF_NATHELPER) |
||
523 | FILES:=$(foreach mod,$(NF_NATHELPER-m),$(LINUX_DIR)/net/$(mod).ko) |
||
524 | AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NATHELPER-m))) |
||
525 | DEPENDS:=+kmod-nf-nat |
||
526 | endef |
||
527 | |||
528 | define KernelPackage/nf-nathelper/description |
||
529 | Default Netfilter (IPv4) Conntrack and NAT helpers |
||
530 | Includes: |
||
531 | - ftp |
||
532 | endef |
||
533 | |||
534 | $(eval $(call KernelPackage,nf-nathelper)) |
||
535 | |||
536 | |||
537 | define KernelPackage/nf-nathelper-extra |
||
538 | SUBMENU:=$(NF_MENU) |
||
539 | TITLE:=Extra Conntrack and NAT helpers |
||
540 | KCONFIG:=$(KCONFIG_NF_NATHELPER_EXTRA) |
||
541 | FILES:=$(foreach mod,$(NF_NATHELPER_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko) |
||
542 | AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NATHELPER_EXTRA-m))) |
||
543 | DEPENDS:=+kmod-nf-nat +kmod-lib-textsearch +kmod-ipt-raw +LINUX_4_19:kmod-asn1-decoder |
||
544 | endef |
||
545 | |||
546 | define KernelPackage/nf-nathelper-extra/description |
||
547 | Extra Netfilter (IPv4) Conntrack and NAT helpers |
||
548 | Includes: |
||
549 | - amanda |
||
550 | - h323 |
||
551 | - irc |
||
552 | - mms |
||
553 | - pptp |
||
554 | - proto_gre |
||
555 | - sip |
||
556 | - snmp_basic |
||
557 | - tftp |
||
558 | - broadcast |
||
559 | endef |
||
560 | |||
561 | $(eval $(call KernelPackage,nf-nathelper-extra)) |
||
562 | |||
563 | |||
564 | define KernelPackage/ipt-ulog |
||
565 | TITLE:=Module for user-space packet logging |
||
566 | KCONFIG:=$(KCONFIG_IPT_ULOG) |
||
567 | FILES:=$(foreach mod,$(IPT_ULOG-m),$(LINUX_DIR)/net/$(mod).ko) |
||
568 | AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_ULOG-m))) |
||
569 | $(call AddDepends/ipt) |
||
570 | endef |
||
571 | |||
572 | define KernelPackage/ipt-ulog/description |
||
573 | Netfilter (IPv4) module for user-space packet logging |
||
574 | Includes: |
||
575 | - ULOG |
||
576 | endef |
||
577 | |||
578 | $(eval $(call KernelPackage,ipt-ulog)) |
||
579 | |||
580 | |||
581 | define KernelPackage/ipt-nflog |
||
582 | TITLE:=Module for user-space packet logging |
||
583 | KCONFIG:=$(KCONFIG_IPT_NFLOG) |
||
584 | FILES:=$(foreach mod,$(IPT_NFLOG-m),$(LINUX_DIR)/net/$(mod).ko) |
||
585 | AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NFLOG-m))) |
||
586 | $(call AddDepends/ipt,+kmod-nfnetlink-log) |
||
587 | endef |
||
588 | |||
589 | define KernelPackage/ipt-nflog/description |
||
590 | Netfilter module for user-space packet logging |
||
591 | Includes: |
||
592 | - NFLOG |
||
593 | endef |
||
594 | |||
595 | $(eval $(call KernelPackage,ipt-nflog)) |
||
596 | |||
597 | |||
598 | define KernelPackage/ipt-nfqueue |
||
599 | TITLE:=Module for user-space packet queuing |
||
600 | KCONFIG:=$(KCONFIG_IPT_NFQUEUE) |
||
601 | FILES:=$(foreach mod,$(IPT_NFQUEUE-m),$(LINUX_DIR)/net/$(mod).ko) |
||
602 | AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NFQUEUE-m))) |
||
603 | $(call AddDepends/ipt,+kmod-nfnetlink-queue) |
||
604 | endef |
||
605 | |||
606 | define KernelPackage/ipt-nfqueue/description |
||
607 | Netfilter module for user-space packet queuing |
||
608 | Includes: |
||
609 | - NFQUEUE |
||
610 | endef |
||
611 | |||
612 | $(eval $(call KernelPackage,ipt-nfqueue)) |
||
613 | |||
614 | |||
615 | define KernelPackage/ipt-debug |
||
616 | TITLE:=Module for debugging/development |
||
617 | KCONFIG:=$(KCONFIG_IPT_DEBUG) |
||
618 | FILES:=$(foreach mod,$(IPT_DEBUG-m),$(LINUX_DIR)/net/$(mod).ko) |
||
619 | AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_DEBUG-m))) |
||
620 | $(call AddDepends/ipt,+kmod-ipt-raw +IPV6:kmod-ipt-raw6) |
||
621 | endef |
||
622 | |||
623 | define KernelPackage/ipt-debug/description |
||
624 | Netfilter modules for debugging/development of the firewall |
||
625 | Includes: |
||
626 | - TRACE |
||
627 | endef |
||
628 | |||
629 | $(eval $(call KernelPackage,ipt-debug)) |
||
630 | |||
631 | |||
632 | define KernelPackage/ipt-led |
||
633 | TITLE:=Module to trigger a LED with a Netfilter rule |
||
634 | KCONFIG:=$(KCONFIG_IPT_LED) |
||
635 | FILES:=$(foreach mod,$(IPT_LED-m),$(LINUX_DIR)/net/$(mod).ko) |
||
636 | AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_LED-m))) |
||
637 | $(call AddDepends/ipt) |
||
638 | endef |
||
639 | |||
640 | define KernelPackage/ipt-led/description |
||
641 | Netfilter target to trigger a LED when a network packet is matched. |
||
642 | endef |
||
643 | |||
644 | $(eval $(call KernelPackage,ipt-led)) |
||
645 | |||
646 | define KernelPackage/ipt-tproxy |
||
647 | TITLE:=Transparent proxying support |
||
648 | DEPENDS+=+kmod-ipt-conntrack +IPV6:kmod-nf-conntrack6 +IPV6:kmod-ip6tables |
||
649 | KCONFIG:= \ |
||
650 | CONFIG_NF_SOCKET_IPV4 \ |
||
651 | CONFIG_NF_SOCKET_IPV6 \ |
||
652 | CONFIG_NETFILTER_XT_MATCH_SOCKET \ |
||
653 | CONFIG_NETFILTER_XT_TARGET_TPROXY |
||
654 | FILES:= \ |
||
655 | $(foreach mod,$(IPT_TPROXY-m),$(LINUX_DIR)/net/$(mod).ko) |
||
656 | AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_TPROXY-m))) |
||
657 | $(call AddDepends/ipt) |
||
658 | endef |
||
659 | |||
660 | define KernelPackage/ipt-tproxy/description |
||
661 | Kernel modules for Transparent Proxying |
||
662 | endef |
||
663 | |||
664 | $(eval $(call KernelPackage,ipt-tproxy)) |
||
665 | |||
666 | define KernelPackage/ipt-tee |
||
667 | TITLE:=TEE support |
||
668 | DEPENDS:=+kmod-ipt-conntrack |
||
669 | KCONFIG:= \ |
||
670 | CONFIG_NETFILTER_XT_TARGET_TEE |
||
671 | FILES:= \ |
||
672 | $(LINUX_DIR)/net/netfilter/xt_TEE.ko \ |
||
673 | $(foreach mod,$(IPT_TEE-m),$(LINUX_DIR)/net/$(mod).ko) |
||
674 | AUTOLOAD:=$(call AutoProbe,$(notdir nf_tee $(IPT_TEE-m))) |
||
675 | $(call AddDepends/ipt) |
||
676 | endef |
||
677 | |||
678 | define KernelPackage/ipt-tee/description |
||
679 | Kernel modules for TEE |
||
680 | endef |
||
681 | |||
682 | $(eval $(call KernelPackage,ipt-tee)) |
||
683 | |||
684 | |||
685 | define KernelPackage/ipt-u32 |
||
686 | TITLE:=U32 support |
||
687 | KCONFIG:= \ |
||
688 | CONFIG_NETFILTER_XT_MATCH_U32 |
||
689 | FILES:= \ |
||
690 | $(LINUX_DIR)/net/netfilter/xt_u32.ko \ |
||
691 | $(foreach mod,$(IPT_U32-m),$(LINUX_DIR)/net/$(mod).ko) |
||
692 | AUTOLOAD:=$(call AutoProbe,$(notdir nf_tee $(IPT_U32-m))) |
||
693 | $(call AddDepends/ipt) |
||
694 | endef |
||
695 | |||
696 | define KernelPackage/ipt-u32/description |
||
697 | Kernel modules for U32 |
||
698 | endef |
||
699 | |||
700 | $(eval $(call KernelPackage,ipt-u32)) |
||
701 | |||
702 | define KernelPackage/ipt-checksum |
||
703 | TITLE:=CHECKSUM support |
||
704 | KCONFIG:= \ |
||
705 | CONFIG_NETFILTER_XT_TARGET_CHECKSUM |
||
706 | FILES:= \ |
||
707 | $(LINUX_DIR)/net/netfilter/xt_CHECKSUM.ko \ |
||
708 | $(foreach mod,$(IPT_CHECKSUM-m),$(LINUX_DIR)/net/$(mod).ko) |
||
709 | AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CHECKSUM-m))) |
||
710 | $(call AddDepends/ipt) |
||
711 | endef |
||
712 | |||
713 | define KernelPackage/ipt-checksum/description |
||
714 | Kernel modules for CHECKSUM fillin target |
||
715 | endef |
||
716 | |||
717 | $(eval $(call KernelPackage,ipt-checksum)) |
||
718 | |||
719 | |||
720 | define KernelPackage/ipt-iprange |
||
721 | TITLE:=Module for matching ip ranges |
||
722 | KCONFIG:=$(KCONFIG_IPT_IPRANGE) |
||
723 | FILES:=$(foreach mod,$(IPT_IPRANGE-m),$(LINUX_DIR)/net/$(mod).ko) |
||
724 | AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_IPRANGE-m))) |
||
725 | $(call AddDepends/ipt) |
||
726 | endef |
||
727 | |||
728 | define KernelPackage/ipt-iprange/description |
||
729 | Netfilter (IPv4) module for matching ip ranges |
||
730 | Includes: |
||
731 | - iprange |
||
732 | endef |
||
733 | |||
734 | $(eval $(call KernelPackage,ipt-iprange)) |
||
735 | |||
736 | define KernelPackage/ipt-cluster |
||
737 | TITLE:=Module for matching cluster |
||
738 | KCONFIG:=$(KCONFIG_IPT_CLUSTER) |
||
739 | FILES:=$(foreach mod,$(IPT_CLUSTER-m),$(LINUX_DIR)/net/$(mod).ko) |
||
740 | AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CLUSTER-m))) |
||
741 | $(call AddDepends/ipt,+kmod-nf-conntrack) |
||
742 | endef |
||
743 | |||
744 | define KernelPackage/ipt-cluster/description |
||
745 | Netfilter (IPv4/IPv6) module for matching cluster |
||
746 | This option allows you to build work-load-sharing clusters of |
||
747 | network servers/stateful firewalls without having a dedicated |
||
748 | load-balancing router/server/switch. Basically, this match returns |
||
749 | true when the packet must be handled by this cluster node. Thus, |
||
750 | all nodes see all packets and this match decides which node handles |
||
751 | what packets. The work-load sharing algorithm is based on source |
||
752 | address hashing. |
||
753 | |||
754 | This module is usable for ipv4 and ipv6. |
||
755 | |||
756 | To use it also enable iptables-mod-cluster |
||
757 | |||
758 | see `iptables -m cluster --help` for more information. |
||
759 | endef |
||
760 | |||
761 | $(eval $(call KernelPackage,ipt-cluster)) |
||
762 | |||
763 | define KernelPackage/ipt-clusterip |
||
764 | TITLE:=Module for CLUSTERIP |
||
765 | KCONFIG:=$(KCONFIG_IPT_CLUSTERIP) |
||
766 | FILES:=$(foreach mod,$(IPT_CLUSTERIP-m),$(LINUX_DIR)/net/$(mod).ko) |
||
767 | AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CLUSTERIP-m))) |
||
768 | $(call AddDepends/ipt,+kmod-nf-conntrack) |
||
769 | endef |
||
770 | |||
771 | define KernelPackage/ipt-clusterip/description |
||
772 | Netfilter (IPv4-only) module for CLUSTERIP |
||
773 | The CLUSTERIP target allows you to build load-balancing clusters of |
||
774 | network servers without having a dedicated load-balancing |
||
775 | router/server/switch. |
||
776 | |||
777 | To use it also enable iptables-mod-clusterip |
||
778 | |||
779 | see `iptables -j CLUSTERIP --help` for more information. |
||
780 | endef |
||
781 | |||
782 | $(eval $(call KernelPackage,ipt-clusterip)) |
||
783 | |||
784 | |||
785 | define KernelPackage/ipt-extra |
||
786 | TITLE:=Extra modules |
||
787 | KCONFIG:=$(KCONFIG_IPT_EXTRA) |
||
788 | FILES:=$(foreach mod,$(IPT_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko) |
||
789 | AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_EXTRA-m))) |
||
790 | $(call AddDepends/ipt) |
||
791 | endef |
||
792 | |||
793 | define KernelPackage/ipt-extra/description |
||
794 | Other Netfilter (IPv4) kernel modules |
||
795 | Includes: |
||
796 | - addrtype |
||
797 | - owner |
||
798 | - pkttype |
||
799 | - quota |
||
800 | endef |
||
801 | |||
802 | $(eval $(call KernelPackage,ipt-extra)) |
||
803 | |||
804 | |||
805 | define KernelPackage/ipt-physdev |
||
806 | TITLE:=physdev module |
||
807 | KCONFIG:=$(KCONFIG_IPT_PHYSDEV) |
||
808 | FILES:=$(foreach mod,$(IPT_PHYSDEV-m),$(LINUX_DIR)/net/$(mod).ko) |
||
809 | AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_PHYSDEV-m))) |
||
810 | $(call AddDepends/ipt,+kmod-br-netfilter) |
||
811 | endef |
||
812 | |||
813 | define KernelPackage/ipt-physdev/description |
||
814 | The iptables physdev kernel module |
||
815 | endef |
||
816 | |||
817 | $(eval $(call KernelPackage,ipt-physdev)) |
||
818 | |||
819 | |||
820 | define KernelPackage/ip6tables |
||
821 | SUBMENU:=$(NF_MENU) |
||
822 | TITLE:=IPv6 modules |
||
823 | DEPENDS:=+kmod-nf-reject6 +kmod-nf-ipt6 +kmod-ipt-core |
||
824 | KCONFIG:=$(KCONFIG_IPT_IPV6) |
||
825 | FILES:=$(foreach mod,$(IPT_IPV6-m),$(LINUX_DIR)/net/$(mod).ko) |
||
826 | AUTOLOAD:=$(call AutoLoad,42,$(notdir $(IPT_IPV6-m))) |
||
827 | endef |
||
828 | |||
829 | define KernelPackage/ip6tables/description |
||
830 | Netfilter IPv6 firewalling support |
||
831 | endef |
||
832 | |||
833 | $(eval $(call KernelPackage,ip6tables)) |
||
834 | |||
835 | define KernelPackage/ip6tables-extra |
||
836 | SUBMENU:=$(NF_MENU) |
||
837 | TITLE:=Extra IPv6 modules |
||
838 | DEPENDS:=+kmod-ip6tables |
||
839 | KCONFIG:=$(KCONFIG_IPT_IPV6_EXTRA) |
||
840 | FILES:=$(foreach mod,$(IPT_IPV6_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko) |
||
841 | AUTOLOAD:=$(call AutoLoad,43,$(notdir $(IPT_IPV6_EXTRA-m))) |
||
842 | endef |
||
843 | |||
844 | define KernelPackage/ip6tables-extra/description |
||
845 | Netfilter IPv6 extra header matching modules |
||
846 | endef |
||
847 | |||
848 | $(eval $(call KernelPackage,ip6tables-extra)) |
||
849 | |||
850 | ARP_MODULES = arp_tables arpt_mangle arptable_filter |
||
851 | define KernelPackage/arptables |
||
852 | SUBMENU:=$(NF_MENU) |
||
853 | TITLE:=ARP firewalling modules |
||
854 | DEPENDS:=+kmod-ipt-core |
||
855 | FILES:=$(LINUX_DIR)/net/ipv4/netfilter/arp*.ko |
||
856 | KCONFIG:=CONFIG_IP_NF_ARPTABLES \ |
||
857 | CONFIG_IP_NF_ARPFILTER \ |
||
858 | CONFIG_IP_NF_ARP_MANGLE |
||
859 | AUTOLOAD:=$(call AutoProbe,$(ARP_MODULES)) |
||
860 | endef |
||
861 | |||
862 | define KernelPackage/arptables/description |
||
863 | Kernel modules for ARP firewalling |
||
864 | endef |
||
865 | |||
866 | $(eval $(call KernelPackage,arptables)) |
||
867 | |||
868 | |||
869 | define KernelPackage/br-netfilter |
||
870 | SUBMENU:=$(NF_MENU) |
||
871 | TITLE:=Bridge netfilter support modules |
||
872 | DEPENDS:=+kmod-ipt-core |
||
873 | FILES:=$(LINUX_DIR)/net/bridge/br_netfilter.ko |
||
874 | KCONFIG:=CONFIG_BRIDGE_NETFILTER |
||
875 | AUTOLOAD:=$(call AutoProbe,br_netfilter) |
||
876 | endef |
||
877 | |||
878 | define KernelPackage/br-netfilter/install |
||
879 | $(INSTALL_DIR) $(1)/etc/sysctl.d |
||
880 | $(INSTALL_DATA) ./files/sysctl-br-netfilter.conf $(1)/etc/sysctl.d/11-br-netfilter.conf |
||
881 | endef |
||
882 | |||
883 | $(eval $(call KernelPackage,br-netfilter)) |
||
884 | |||
885 | |||
886 | define KernelPackage/ebtables |
||
887 | SUBMENU:=$(NF_MENU) |
||
888 | TITLE:=Bridge firewalling modules |
||
889 | DEPENDS:=+kmod-ipt-core |
||
890 | FILES:=$(foreach mod,$(EBTABLES-m),$(LINUX_DIR)/net/$(mod).ko) |
||
891 | KCONFIG:=$(KCONFIG_EBTABLES) |
||
892 | AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES-m))) |
||
893 | endef |
||
894 | |||
895 | define KernelPackage/ebtables/description |
||
896 | ebtables is a general, extensible frame/packet identification |
||
897 | framework. It provides you to do Ethernet |
||
898 | filtering/NAT/brouting on the Ethernet bridge. |
||
899 | endef |
||
900 | |||
901 | $(eval $(call KernelPackage,ebtables)) |
||
902 | |||
903 | |||
904 | define AddDepends/ebtables |
||
905 | SUBMENU:=$(NF_MENU) |
||
906 | DEPENDS+= +kmod-ebtables $(1) |
||
907 | endef |
||
908 | |||
909 | |||
910 | define KernelPackage/ebtables-ipv4 |
||
911 | TITLE:=ebtables: IPv4 support |
||
912 | FILES:=$(foreach mod,$(EBTABLES_IP4-m),$(LINUX_DIR)/net/$(mod).ko) |
||
913 | KCONFIG:=$(KCONFIG_EBTABLES_IP4) |
||
914 | AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES_IP4-m))) |
||
915 | $(call AddDepends/ebtables) |
||
916 | endef |
||
917 | |||
918 | define KernelPackage/ebtables-ipv4/description |
||
919 | This option adds the IPv4 support to ebtables, which allows basic |
||
920 | IPv4 header field filtering, ARP filtering as well as SNAT, DNAT targets. |
||
921 | endef |
||
922 | |||
923 | $(eval $(call KernelPackage,ebtables-ipv4)) |
||
924 | |||
925 | |||
926 | define KernelPackage/ebtables-ipv6 |
||
927 | TITLE:=ebtables: IPv6 support |
||
928 | FILES:=$(foreach mod,$(EBTABLES_IP6-m),$(LINUX_DIR)/net/$(mod).ko) |
||
929 | KCONFIG:=$(KCONFIG_EBTABLES_IP6) |
||
930 | AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES_IP6-m))) |
||
931 | $(call AddDepends/ebtables) |
||
932 | endef |
||
933 | |||
934 | define KernelPackage/ebtables-ipv6/description |
||
935 | This option adds the IPv6 support to ebtables, which allows basic |
||
936 | IPv6 header field filtering and target support. |
||
937 | endef |
||
938 | |||
939 | $(eval $(call KernelPackage,ebtables-ipv6)) |
||
940 | |||
941 | |||
942 | define KernelPackage/ebtables-watchers |
||
943 | TITLE:=ebtables: watchers support |
||
944 | FILES:=$(foreach mod,$(EBTABLES_WATCHERS-m),$(LINUX_DIR)/net/$(mod).ko) |
||
945 | KCONFIG:=$(KCONFIG_EBTABLES_WATCHERS) |
||
946 | AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES_WATCHERS-m))) |
||
947 | $(call AddDepends/ebtables) |
||
948 | endef |
||
949 | |||
950 | define KernelPackage/ebtables-watchers/description |
||
951 | This option adds the log watchers, that you can use in any rule |
||
952 | in any ebtables table. |
||
953 | endef |
||
954 | |||
955 | $(eval $(call KernelPackage,ebtables-watchers)) |
||
956 | |||
957 | |||
958 | define KernelPackage/nfnetlink |
||
959 | SUBMENU:=$(NF_MENU) |
||
960 | TITLE:=Netlink-based userspace interface |
||
961 | FILES:=$(foreach mod,$(NFNETLINK-m),$(LINUX_DIR)/net/$(mod).ko) |
||
962 | KCONFIG:=$(KCONFIG_NFNETLINK) |
||
963 | AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK-m))) |
||
964 | endef |
||
965 | |||
966 | define KernelPackage/nfnetlink/description |
||
967 | Kernel modules support for a netlink-based userspace interface |
||
968 | endef |
||
969 | |||
970 | $(eval $(call KernelPackage,nfnetlink)) |
||
971 | |||
972 | |||
973 | define AddDepends/nfnetlink |
||
974 | SUBMENU:=$(NF_MENU) |
||
975 | DEPENDS+=+kmod-nfnetlink $(1) |
||
976 | endef |
||
977 | |||
978 | |||
979 | define KernelPackage/nfnetlink-log |
||
980 | TITLE:=Netfilter LOG over NFNETLINK interface |
||
981 | FILES:=$(foreach mod,$(NFNETLINK_LOG-m),$(LINUX_DIR)/net/$(mod).ko) |
||
982 | KCONFIG:=$(KCONFIG_NFNETLINK_LOG) |
||
983 | AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK_LOG-m))) |
||
984 | $(call AddDepends/nfnetlink) |
||
985 | endef |
||
986 | |||
987 | define KernelPackage/nfnetlink-log/description |
||
988 | Kernel modules support for logging packets via NFNETLINK |
||
989 | Includes: |
||
990 | - NFLOG |
||
991 | endef |
||
992 | |||
993 | $(eval $(call KernelPackage,nfnetlink-log)) |
||
994 | |||
995 | |||
996 | define KernelPackage/nfnetlink-queue |
||
997 | TITLE:=Netfilter QUEUE over NFNETLINK interface |
||
998 | FILES:=$(foreach mod,$(NFNETLINK_QUEUE-m),$(LINUX_DIR)/net/$(mod).ko) |
||
999 | KCONFIG:=$(KCONFIG_NFNETLINK_QUEUE) |
||
1000 | AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK_QUEUE-m))) |
||
1001 | $(call AddDepends/nfnetlink) |
||
1002 | endef |
||
1003 | |||
1004 | define KernelPackage/nfnetlink-queue/description |
||
1005 | Kernel modules support for queueing packets via NFNETLINK |
||
1006 | Includes: |
||
1007 | - NFQUEUE |
||
1008 | endef |
||
1009 | |||
1010 | $(eval $(call KernelPackage,nfnetlink-queue)) |
||
1011 | |||
1012 | |||
1013 | define KernelPackage/nf-conntrack-netlink |
||
1014 | TITLE:=Connection tracking netlink interface |
||
1015 | FILES:=$(LINUX_DIR)/net/netfilter/nf_conntrack_netlink.ko |
||
1016 | KCONFIG:=CONFIG_NF_CT_NETLINK CONFIG_NF_CONNTRACK_EVENTS=y |
||
1017 | AUTOLOAD:=$(call AutoProbe,nf_conntrack_netlink) |
||
1018 | $(call AddDepends/nfnetlink,+kmod-ipt-conntrack) |
||
1019 | endef |
||
1020 | |||
1021 | define KernelPackage/nf-conntrack-netlink/description |
||
1022 | Kernel modules support for a netlink-based connection tracking |
||
1023 | userspace interface |
||
1024 | endef |
||
1025 | |||
1026 | $(eval $(call KernelPackage,nf-conntrack-netlink)) |
||
1027 | |||
1028 | define KernelPackage/ipt-hashlimit |
||
1029 | SUBMENU:=$(NF_MENU) |
||
1030 | TITLE:=Netfilter hashlimit match |
||
1031 | DEPENDS:=+kmod-ipt-core |
||
1032 | KCONFIG:=$(KCONFIG_IPT_HASHLIMIT) |
||
1033 | FILES:=$(LINUX_DIR)/net/netfilter/xt_hashlimit.ko |
||
1034 | AUTOLOAD:=$(call AutoProbe,xt_hashlimit) |
||
1035 | $(call KernelPackage/ipt) |
||
1036 | endef |
||
1037 | |||
1038 | define KernelPackage/ipt-hashlimit/description |
||
1039 | Kernel modules support for the hashlimit bucket match module |
||
1040 | endef |
||
1041 | |||
1042 | $(eval $(call KernelPackage,ipt-hashlimit)) |
||
1043 | |||
1044 | define KernelPackage/ipt-rpfilter |
||
1045 | SUBMENU:=$(NF_MENU) |
||
1046 | TITLE:=Netfilter rpfilter match |
||
1047 | DEPENDS:=+kmod-ipt-core |
||
1048 | KCONFIG:=$(KCONFIG_IPT_RPFILTER) |
||
1049 | FILES:=$(realpath \ |
||
1050 | $(LINUX_DIR)/net/ipv4/netfilter/ipt_rpfilter.ko \ |
||
1051 | $(LINUX_DIR)/net/ipv6/netfilter/ip6t_rpfilter.ko) |
||
1052 | AUTOLOAD:=$(call AutoProbe,ipt_rpfilter ip6t_rpfilter) |
||
1053 | $(call KernelPackage/ipt) |
||
1054 | endef |
||
1055 | |||
1056 | define KernelPackage/ipt-rpfilter/description |
||
1057 | Kernel modules support for the Netfilter rpfilter match |
||
1058 | endef |
||
1059 | |||
1060 | $(eval $(call KernelPackage,ipt-rpfilter)) |
||
1061 | |||
1062 | |||
1063 | define KernelPackage/nft-core |
||
1064 | SUBMENU:=$(NF_MENU) |
||
1065 | TITLE:=Netfilter nf_tables support |
||
1066 | DEPENDS:=+kmod-nfnetlink +kmod-nf-reject +kmod-nf-reject6 +kmod-nf-conntrack6 |
||
1067 | FILES:=$(foreach mod,$(NFT_CORE-m),$(LINUX_DIR)/net/$(mod).ko) |
||
1068 | AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_CORE-m))) |
||
1069 | KCONFIG:= \ |
||
1070 | CONFIG_NFT_COMPAT=n \ |
||
1071 | CONFIG_NFT_QUEUE=n \ |
||
1072 | $(KCONFIG_NFT_CORE) |
||
1073 | endef |
||
1074 | |||
1075 | define KernelPackage/nft-core/description |
||
1076 | Kernel module support for nftables |
||
1077 | endef |
||
1078 | |||
1079 | $(eval $(call KernelPackage,nft-core)) |
||
1080 | |||
1081 | |||
1082 | define KernelPackage/nft-arp |
||
1083 | SUBMENU:=$(NF_MENU) |
||
1084 | TITLE:=Netfilter nf_tables ARP table support |
||
1085 | DEPENDS:=+kmod-nft-core |
||
1086 | FILES:=$(foreach mod,$(NFT_ARP-m),$(LINUX_DIR)/net/$(mod).ko) |
||
1087 | AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_ARP-m))) |
||
1088 | KCONFIG:=$(KCONFIG_NFT_ARP) |
||
1089 | endef |
||
1090 | |||
1091 | $(eval $(call KernelPackage,nft-arp)) |
||
1092 | |||
1093 | |||
1094 | define KernelPackage/nft-bridge |
||
1095 | SUBMENU:=$(NF_MENU) |
||
1096 | TITLE:=Netfilter nf_tables bridge table support |
||
1097 | DEPENDS:=+kmod-nft-core |
||
1098 | FILES:=$(foreach mod,$(NFT_BRIDGE-m),$(LINUX_DIR)/net/$(mod).ko) |
||
1099 | AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_BRIDGE-m))) |
||
1100 | KCONFIG:= \ |
||
1101 | CONFIG_NF_LOG_BRIDGE=n \ |
||
1102 | $(KCONFIG_NFT_BRIDGE) |
||
1103 | endef |
||
1104 | |||
1105 | $(eval $(call KernelPackage,nft-bridge)) |
||
1106 | |||
1107 | |||
1108 | define KernelPackage/nft-nat |
||
1109 | SUBMENU:=$(NF_MENU) |
||
1110 | TITLE:=Netfilter nf_tables NAT support |
||
1111 | DEPENDS:=+kmod-nft-core +kmod-nf-nat |
||
1112 | FILES:=$(foreach mod,$(NFT_NAT-m),$(LINUX_DIR)/net/$(mod).ko) |
||
1113 | AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_NAT-m))) |
||
1114 | KCONFIG:=$(KCONFIG_NFT_NAT) |
||
1115 | endef |
||
1116 | |||
1117 | $(eval $(call KernelPackage,nft-nat)) |
||
1118 | |||
1119 | |||
1120 | define KernelPackage/nft-offload |
||
1121 | SUBMENU:=$(NF_MENU) |
||
1122 | TITLE:=Netfilter nf_tables routing/NAT offload support |
||
1123 | DEPENDS:=+kmod-nf-flow +kmod-nft-nat |
||
1124 | KCONFIG:= \ |
||
1125 | CONFIG_NF_FLOW_TABLE_INET \ |
||
1126 | CONFIG_NF_FLOW_TABLE_IPV4 \ |
||
1127 | CONFIG_NF_FLOW_TABLE_IPV6 \ |
||
1128 | CONFIG_NFT_FLOW_OFFLOAD |
||
1129 | FILES:= \ |
||
1130 | $(LINUX_DIR)/net/netfilter/nf_flow_table_inet.ko \ |
||
1131 | $(LINUX_DIR)/net/ipv4/netfilter/nf_flow_table_ipv4.ko \ |
||
1132 | $(LINUX_DIR)/net/ipv6/netfilter/nf_flow_table_ipv6.ko \ |
||
1133 | $(LINUX_DIR)/net/netfilter/nft_flow_offload.ko |
||
1134 | AUTOLOAD:=$(call AutoProbe,nf_flow_table_inet nf_flow_table_ipv4 nf_flow_table_ipv6 nft_flow_offload) |
||
1135 | endef |
||
1136 | |||
1137 | $(eval $(call KernelPackage,nft-offload)) |
||
1138 | |||
1139 | |||
1140 | define KernelPackage/nft-nat6 |
||
1141 | SUBMENU:=$(NF_MENU) |
||
1142 | TITLE:=Netfilter nf_tables IPv6-NAT support |
||
1143 | DEPENDS:=+kmod-nft-nat +kmod-nf-nat6 |
||
1144 | FILES:=$(foreach mod,$(NFT_NAT6-m),$(LINUX_DIR)/net/$(mod).ko) |
||
1145 | AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_NAT6-m))) |
||
1146 | KCONFIG:=$(KCONFIG_NFT_NAT6) |
||
1147 | endef |
||
1148 | |||
1149 | $(eval $(call KernelPackage,nft-nat6)) |
||
1150 | |||
1151 | define KernelPackage/nft-netdev |
||
1152 | SUBMENU:=$(NF_MENU) |
||
1153 | TITLE:=Netfilter nf_tables netdev support |
||
1154 | DEPENDS:=+kmod-nft-core |
||
1155 | KCONFIG:= \ |
||
1156 | CONFIG_NETFILTER_INGRESS=y \ |
||
1157 | CONFIG_NF_TABLES_NETDEV \ |
||
1158 | CONFIG_NF_DUP_NETDEV \ |
||
1159 | CONFIG_NFT_DUP_NETDEV \ |
||
1160 | CONFIG_NFT_FWD_NETDEV |
||
1161 | FILES:= \ |
||
1162 | $(LINUX_DIR)/net/netfilter/nf_tables_netdev.ko@lt4.17 \ |
||
1163 | $(LINUX_DIR)/net/netfilter/nf_dup_netdev.ko \ |
||
1164 | $(LINUX_DIR)/net/netfilter/nft_dup_netdev.ko \ |
||
1165 | $(LINUX_DIR)/net/netfilter/nft_fwd_netdev.ko |
||
1166 | AUTOLOAD:=$(call AutoProbe,nf_tables_netdev nf_dup_netdev nft_dup_netdev nft_fwd_netdev) |
||
1167 | endef |
||
1168 | |||
1169 | $(eval $(call KernelPackage,nft-netdev)) |
||
1170 | |||
1171 | |||
1172 | define KernelPackage/nft-fib |
||
1173 | SUBMENU:=$(NF_MENU) |
||
1174 | TITLE:=Netfilter nf_tables fib support |
||
1175 | DEPENDS:=+kmod-nft-core |
||
1176 | FILES:=$(foreach mod,$(NFT_FIB-m),$(LINUX_DIR)/net/$(mod).ko) |
||
1177 | AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_FIB-m))) |
||
1178 | KCONFIG:=$(KCONFIG_NFT_FIB) |
||
1179 | endef |
||
1180 | |||
1181 | $(eval $(call KernelPackage,nft-fib)) |