OpenWrt – Diff between revs 2 and 3
?pathlinks?
| Rev 2 | Rev 3 | |||
|---|---|---|---|---|
| Line 150... | Line 150... | |||
| 150 | TITLE:=Netfilter flowtable support |
150 | TITLE:=Netfilter flowtable support |
|
| 151 | KCONFIG:= \ |
151 | KCONFIG:= \ |
|
| 152 | CONFIG_NETFILTER_INGRESS=y \ |
152 | CONFIG_NETFILTER_INGRESS=y \ |
|
| 153 | CONFIG_NF_FLOW_TABLE \ |
153 | CONFIG_NF_FLOW_TABLE \ |
|
| 154 | CONFIG_NF_FLOW_TABLE_HW |
154 | CONFIG_NF_FLOW_TABLE_HW |
|
| 155 | DEPENDS:=+kmod-nf-conntrack @!LINUX_3_18 @!LINUX_4_9 |
155 | DEPENDS:=+kmod-nf-conntrack @!LINUX_3_18 @!LINUX_4_4 @!LINUX_4_9 |
|
| 156 | FILES:= \ |
156 | FILES:= \ |
|
| 157 | $(LINUX_DIR)/net/netfilter/nf_flow_table.ko \ |
157 | $(LINUX_DIR)/net/netfilter/nf_flow_table.ko \ |
|
| 158 | $(LINUX_DIR)/net/netfilter/nf_flow_table_hw.ko |
158 | $(LINUX_DIR)/net/netfilter/nf_flow_table_hw.ko |
|
| 159 | AUTOLOAD:=$(call AutoProbe,nf_flow_table nf_flow_table_hw) |
159 | AUTOLOAD:=$(call AutoProbe,nf_flow_table nf_flow_table_hw) |
|
| 160 | endef |
160 | endef |
|
| Line 235... | Line 235... | |||
| 235 | |
235 | |
|
| 236 | define KernelPackage/ipt-filter/description |
236 | define KernelPackage/ipt-filter/description |
|
| 237 | Netfilter (IPv4) kernel modules for packet content inspection |
237 | Netfilter (IPv4) kernel modules for packet content inspection |
|
| 238 | Includes: |
238 | Includes: |
|
| 239 | - string |
- | ||
| 240 | - bpf |
239 | - string |
|
| Line 241... | Line 240... | |||
| 241 | endef |
240 | endef |
|
| Line 328... | Line 327... | |||
| 328 | CONFIG_NETFILTER_XT_SET \ |
327 | CONFIG_NETFILTER_XT_SET \ |
|
| 329 | CONFIG_IP_SET_BITMAP_IP \ |
328 | CONFIG_IP_SET_BITMAP_IP \ |
|
| 330 | CONFIG_IP_SET_BITMAP_IPMAC \ |
329 | CONFIG_IP_SET_BITMAP_IPMAC \ |
|
| 331 | CONFIG_IP_SET_BITMAP_PORT \ |
330 | CONFIG_IP_SET_BITMAP_PORT \ |
|
| 332 | CONFIG_IP_SET_HASH_IP \ |
331 | CONFIG_IP_SET_HASH_IP \ |
|
| 333 | CONFIG_IP_SET_HASH_IPMAC \ |
- | ||
| 334 | CONFIG_IP_SET_HASH_IPMARK \ |
332 | CONFIG_IP_SET_HASH_IPMARK \ |
|
| 335 | CONFIG_IP_SET_HASH_IPPORT \ |
333 | CONFIG_IP_SET_HASH_IPPORT \ |
|
| 336 | CONFIG_IP_SET_HASH_IPPORTIP \ |
334 | CONFIG_IP_SET_HASH_IPPORTIP \ |
|
| 337 | CONFIG_IP_SET_HASH_IPPORTNET \ |
335 | CONFIG_IP_SET_HASH_IPPORTNET \ |
|
| 338 | CONFIG_IP_SET_HASH_MAC \ |
336 | CONFIG_IP_SET_HASH_MAC \ |
|
| Line 347... | Line 345... | |||
| 347 | AUTOLOAD:=$(call AutoLoad,49,$(notdir $(IPSET_MODULES))) |
345 | AUTOLOAD:=$(call AutoLoad,49,$(notdir $(IPSET_MODULES))) |
|
| 348 | endef |
346 | endef |
|
| 349 | $(eval $(call KernelPackage,ipt-ipset)) |
347 | $(eval $(call KernelPackage,ipt-ipset)) |
|
| Line 350... | Line -... | |||
| 350 | |
- | ||
| 351 | |
- | ||
| 352 | IPVS_MODULES:= \ |
- | ||
| 353 | ipvs/ip_vs \ |
- | ||
| 354 | ipvs/ip_vs_lc \ |
- | ||
| 355 | ipvs/ip_vs_wlc \ |
- | ||
| 356 | ipvs/ip_vs_rr \ |
- | ||
| 357 | ipvs/ip_vs_wrr \ |
- | ||
| 358 | ipvs/ip_vs_lblc \ |
- | ||
| 359 | ipvs/ip_vs_lblcr \ |
- | ||
| 360 | ipvs/ip_vs_dh \ |
- | ||
| 361 | ipvs/ip_vs_sh \ |
- | ||
| 362 | ipvs/ip_vs_fo \ |
- | ||
| 363 | ipvs/ip_vs_ovf \ |
- | ||
| 364 | ipvs/ip_vs_nq \ |
- | ||
| 365 | ipvs/ip_vs_sed \ |
- | ||
| 366 | xt_ipvs |
- | ||
| 367 | |
- | ||
| 368 | define KernelPackage/nf-ipvs |
- | ||
| 369 | SUBMENU:=Netfilter Extensions |
- | ||
| 370 | TITLE:=IP Virtual Server modules |
- | ||
| 371 | DEPENDS:=@IPV6 +kmod-lib-crc32c +kmod-ipt-conntrack +kmod-nf-conntrack |
- | ||
| 372 | KCONFIG:= \ |
- | ||
| 373 | CONFIG_IP_VS \ |
- | ||
| 374 | CONFIG_IP_VS_IPV6=y \ |
- | ||
| 375 | CONFIG_IP_VS_DEBUG=n \ |
- | ||
| 376 | CONFIG_IP_VS_PROTO_TCP=y \ |
- | ||
| 377 | CONFIG_IP_VS_PROTO_UDP=y \ |
- | ||
| 378 | CONFIG_IP_VS_PROTO_AH_ESP=y \ |
- | ||
| 379 | CONFIG_IP_VS_PROTO_ESP=y \ |
- | ||
| 380 | CONFIG_IP_VS_PROTO_AH=y \ |
- | ||
| 381 | CONFIG_IP_VS_PROTO_SCTP=y \ |
- | ||
| 382 | CONFIG_IP_VS_TAB_BITS=12 \ |
- | ||
| 383 | CONFIG_IP_VS_RR \ |
- | ||
| 384 | CONFIG_IP_VS_WRR \ |
- | ||
| 385 | CONFIG_IP_VS_LC \ |
- | ||
| 386 | CONFIG_IP_VS_WLC \ |
- | ||
| 387 | CONFIG_IP_VS_FO \ |
- | ||
| 388 | CONFIG_IP_VS_OVF \ |
- | ||
| 389 | CONFIG_IP_VS_LBLC \ |
- | ||
| 390 | CONFIG_IP_VS_LBLCR \ |
- | ||
| 391 | CONFIG_IP_VS_DH \ |
- | ||
| 392 | CONFIG_IP_VS_SH \ |
- | ||
| 393 | CONFIG_IP_VS_SED \ |
- | ||
| 394 | CONFIG_IP_VS_NQ \ |
- | ||
| 395 | CONFIG_IP_VS_SH_TAB_BITS=8 \ |
- | ||
| 396 | CONFIG_IP_VS_NFCT=y \ |
- | ||
| 397 | CONFIG_NETFILTER_XT_MATCH_IPVS |
- | ||
| 398 | FILES:=$(foreach mod,$(IPVS_MODULES),$(LINUX_DIR)/net/netfilter/$(mod).ko) |
- | ||
| 399 | $(call AddDepends/ipt,+kmod-ipt-conntrack,+kmod-nf-conntrack) |
- | ||
| 400 | endef |
- | ||
| 401 | |
- | ||
| 402 | define KernelPackage/nf-ipvs/description |
- | ||
| 403 | IPVS (IP Virtual Server) implements transport-layer load balancing inside |
- | ||
| 404 | the Linux kernel so called Layer-4 switching. |
- | ||
| 405 | endef |
- | ||
| 406 | |
- | ||
| 407 | $(eval $(call KernelPackage,nf-ipvs)) |
- | ||
| 408 | |
- | ||
| 409 | |
- | ||
| 410 | define KernelPackage/nf-ipvs-ftp |
- | ||
| 411 | SUBMENU:=$(NF_MENU) |
- | ||
| 412 | TITLE:=Virtual Server FTP protocol support |
- | ||
| 413 | KCONFIG:=CONFIG_IP_VS_FTP |
- | ||
| 414 | DEPENDS:=kmod-nf-ipvs +kmod-nf-nat +kmod-nf-nathelper |
- | ||
| 415 | FILES:=$(LINUX_DIR)/net/netfilter/ipvs/ip_vs_ftp.ko |
- | ||
| 416 | endef |
- | ||
| 417 | |
- | ||
| 418 | define KernelPackage/nf-ipvs-ftp/description |
- | ||
| 419 | In the virtual server via Network Address Translation, |
- | ||
| 420 | the IP address and port number of real servers cannot be sent to |
- | ||
| 421 | clients in ftp connections directly, so FTP protocol helper is |
- | ||
| 422 | required for tracking the connection and mangling it back to that of |
- | ||
| 423 | virtual service. |
- | ||
| 424 | endef |
- | ||
| 425 | |
- | ||
| 426 | $(eval $(call KernelPackage,nf-ipvs-ftp)) |
- | ||
| 427 | |
- | ||
| 428 | |
- | ||
| 429 | define KernelPackage/nf-ipvs-sip |
- | ||
| 430 | SUBMENU:=$(NF_MENU) |
- | ||
| 431 | TITLE:=Virtual Server SIP protocol support |
- | ||
| 432 | KCONFIG:=CONFIG_IP_VS_PE_SIP |
- | ||
| 433 | DEPENDS:=kmod-nf-ipvs +kmod-nf-nathelper-extra |
- | ||
| 434 | FILES:=$(LINUX_DIR)/net/netfilter/ipvs/ip_vs_pe_sip.ko |
- | ||
| 435 | endef |
- | ||
| 436 | |
- | ||
| 437 | define KernelPackage/nf-ipvs-sip/description |
- | ||
| 438 | Allow persistence based on the SIP Call-ID |
- | ||
| 439 | endef |
- | ||
| 440 | |
- | ||
| 441 | $(eval $(call KernelPackage,nf-ipvs-sip)) |
- | ||
| 442 | |
348 | |
|
| 443 | |
349 | |
|
| 444 | define KernelPackage/ipt-nat |
350 | define KernelPackage/ipt-nat |
|
| 445 | TITLE:=Basic NAT targets |
351 | TITLE:=Basic NAT targets |
|
| 446 | KCONFIG:=$(KCONFIG_IPT_NAT) |
352 | KCONFIG:=$(KCONFIG_IPT_NAT) |
|
| Line 538... | Line 444... | |||
| 538 | SUBMENU:=$(NF_MENU) |
444 | SUBMENU:=$(NF_MENU) |
|
| 539 | TITLE:=Extra Conntrack and NAT helpers |
445 | TITLE:=Extra Conntrack and NAT helpers |
|
| 540 | KCONFIG:=$(KCONFIG_NF_NATHELPER_EXTRA) |
446 | KCONFIG:=$(KCONFIG_NF_NATHELPER_EXTRA) |
|
| 541 | FILES:=$(foreach mod,$(NF_NATHELPER_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko) |
447 | FILES:=$(foreach mod,$(NF_NATHELPER_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko) |
|
| 542 | AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NATHELPER_EXTRA-m))) |
448 | AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NATHELPER_EXTRA-m))) |
|
| 543 | DEPENDS:=+kmod-nf-nat +kmod-lib-textsearch +kmod-ipt-raw +LINUX_4_19:kmod-asn1-decoder |
449 | DEPENDS:=+kmod-nf-nat +kmod-lib-textsearch |
|
| 544 | endef |
450 | endef |
|
| Line 545... | Line 451... | |||
| 545 | |
451 | |
|
| 546 | define KernelPackage/nf-nathelper-extra/description |
452 | define KernelPackage/nf-nathelper-extra/description |
|
| 547 | Extra Netfilter (IPv4) Conntrack and NAT helpers |
453 | Extra Netfilter (IPv4) Conntrack and NAT helpers |
|
| Line 645... | Line 551... | |||
| 645 | |
551 | |
|
| 646 | define KernelPackage/ipt-tproxy |
552 | define KernelPackage/ipt-tproxy |
|
| 647 | TITLE:=Transparent proxying support |
553 | TITLE:=Transparent proxying support |
|
| 648 | DEPENDS+=+kmod-ipt-conntrack +IPV6:kmod-nf-conntrack6 +IPV6:kmod-ip6tables |
554 | DEPENDS+=+kmod-ipt-conntrack +IPV6:kmod-nf-conntrack6 +IPV6:kmod-ip6tables |
|
| 649 | KCONFIG:= \ |
- | ||
| 650 | CONFIG_NF_SOCKET_IPV4 \ |
- | ||
| 651 | CONFIG_NF_SOCKET_IPV6 \ |
555 | KCONFIG:= \ |
|
| 652 | CONFIG_NETFILTER_XT_MATCH_SOCKET \ |
556 | CONFIG_NETFILTER_XT_MATCH_SOCKET \ |
|
| 653 | CONFIG_NETFILTER_XT_TARGET_TPROXY |
557 | CONFIG_NETFILTER_XT_TARGET_TPROXY |
|
| 654 | FILES:= \ |
558 | FILES:= \ |
|
| 655 | $(foreach mod,$(IPT_TPROXY-m),$(LINUX_DIR)/net/$(mod).ko) |
559 | $(foreach mod,$(IPT_TPROXY-m),$(LINUX_DIR)/net/$(mod).ko) |
|
| Line 736... | Line 640... | |||
| 736 | define KernelPackage/ipt-cluster |
640 | define KernelPackage/ipt-cluster |
|
| 737 | TITLE:=Module for matching cluster |
641 | TITLE:=Module for matching cluster |
|
| 738 | KCONFIG:=$(KCONFIG_IPT_CLUSTER) |
642 | KCONFIG:=$(KCONFIG_IPT_CLUSTER) |
|
| 739 | FILES:=$(foreach mod,$(IPT_CLUSTER-m),$(LINUX_DIR)/net/$(mod).ko) |
643 | FILES:=$(foreach mod,$(IPT_CLUSTER-m),$(LINUX_DIR)/net/$(mod).ko) |
|
| 740 | AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CLUSTER-m))) |
644 | AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CLUSTER-m))) |
|
| 741 | $(call AddDepends/ipt,+kmod-nf-conntrack) |
645 | $(call AddDepends/ipt) |
|
| 742 | endef |
646 | endef |
|
| Line 743... | Line 647... | |||
| 743 | |
647 | |
|
| 744 | define KernelPackage/ipt-cluster/description |
648 | define KernelPackage/ipt-cluster/description |
|
| 745 | Netfilter (IPv4/IPv6) module for matching cluster |
649 | Netfilter (IPv4/IPv6) module for matching cluster |
|
| Line 1145... | Line 1049... | |||
| 1145 | AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_NAT6-m))) |
1049 | AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_NAT6-m))) |
|
| 1146 | KCONFIG:=$(KCONFIG_NFT_NAT6) |
1050 | KCONFIG:=$(KCONFIG_NFT_NAT6) |
|
| 1147 | endef |
1051 | endef |
|
| Line 1148... | Line 1052... | |||
| 1148 | |
1052 | |
|
| 1149 | $(eval $(call KernelPackage,nft-nat6)) |
- | ||
| 1150 | |
- | ||
| 1151 | define KernelPackage/nft-netdev |
- | ||
| 1152 | SUBMENU:=$(NF_MENU) |
- | ||
| 1153 | TITLE:=Netfilter nf_tables netdev support |
- | ||
| 1154 | DEPENDS:=+kmod-nft-core |
- | ||
| 1155 | KCONFIG:= \ |
- | ||
| 1156 | CONFIG_NETFILTER_INGRESS=y \ |
- | ||
| 1157 | CONFIG_NF_TABLES_NETDEV \ |
- | ||
| 1158 | CONFIG_NF_DUP_NETDEV \ |
- | ||
| 1159 | CONFIG_NFT_DUP_NETDEV \ |
- | ||
| 1160 | CONFIG_NFT_FWD_NETDEV |
- | ||
| 1161 | FILES:= \ |
- | ||
| 1162 | $(LINUX_DIR)/net/netfilter/nf_tables_netdev.ko@lt4.17 \ |
- | ||
| 1163 | $(LINUX_DIR)/net/netfilter/nf_dup_netdev.ko \ |
- | ||
| 1164 | $(LINUX_DIR)/net/netfilter/nft_dup_netdev.ko \ |
- | ||
| 1165 | $(LINUX_DIR)/net/netfilter/nft_fwd_netdev.ko |
- | ||
| 1166 | AUTOLOAD:=$(call AutoProbe,nf_tables_netdev nf_dup_netdev nft_dup_netdev nft_fwd_netdev) |
- | ||
| 1167 | endef |
- | ||
| 1168 | |
- | ||
| 1169 | $(eval $(call KernelPackage,nft-netdev)) |
- | ||
| 1170 | |
- | ||
| 1171 | |
- | ||
| 1172 | define KernelPackage/nft-fib |
- | ||
| 1173 | SUBMENU:=$(NF_MENU) |
- | ||
| 1174 | TITLE:=Netfilter nf_tables fib support |
- | ||
| 1175 | DEPENDS:=+kmod-nft-core |
- | ||
| 1176 | FILES:=$(foreach mod,$(NFT_FIB-m),$(LINUX_DIR)/net/$(mod).ko) |
- | ||
| 1177 | AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_FIB-m))) |
- | ||
| 1178 | KCONFIG:=$(KCONFIG_NFT_FIB) |
- | ||
| 1179 | endef |
- | ||
| 1180 | |
- | ||