netfilter.mk 23 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885
  1. #
  2. # Copyright (C) 2006-2010 OpenWrt.org
  3. #
  4. # This is free software, licensed under the GNU General Public License v2.
  5. # See /LICENSE for more information.
  6. #
  7. NF_MENU:=Netfilter Extensions
  8. NF_KMOD:=1
  9. include $(INCLUDE_DIR)/netfilter.mk
  10. define KernelPackage/nf-ipt
  11. SUBMENU:=$(NF_MENU)
  12. TITLE:=Iptables core
  13. KCONFIG:= \
  14. CONFIG_NETFILTER=y \
  15. CONFIG_NETFILTER_ADVANCED=y \
  16. $(KCONFIG_NF_IPT)
  17. FILES:=$(foreach mod,$(NF_IPT-m),$(LINUX_DIR)/net/$(mod).ko)
  18. AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_IPT-m)))
  19. endef
  20. $(eval $(call KernelPackage,nf-ipt))
  21. define KernelPackage/nf-ipt6
  22. SUBMENU:=$(NF_MENU)
  23. TITLE:=Ip6tables core
  24. KCONFIG:=$(KCONFIG_NF_IPT6)
  25. FILES:=$(foreach mod,$(NF_IPT6-m),$(LINUX_DIR)/net/$(mod).ko)
  26. AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_IPT6-m)))
  27. DEPENDS:=+kmod-nf-ipt +kmod-nf-conntrack6
  28. endef
  29. $(eval $(call KernelPackage,nf-ipt6))
  30. define KernelPackage/ipt-core
  31. SUBMENU:=$(NF_MENU)
  32. TITLE:=Iptables core
  33. KCONFIG:=$(KCONFIG_IPT_CORE)
  34. FILES:=$(foreach mod,$(IPT_CORE-m),$(LINUX_DIR)/net/$(mod).ko)
  35. AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CORE-m)))
  36. DEPENDS:=+kmod-nf-ipt
  37. endef
  38. define KernelPackage/ipt-core/description
  39. Netfilter core kernel modules
  40. Includes:
  41. - comment
  42. - limit
  43. - LOG
  44. - mac
  45. - multiport
  46. - REJECT
  47. - TCPMSS
  48. endef
  49. $(eval $(call KernelPackage,ipt-core))
  50. define KernelPackage/nf-conntrack
  51. SUBMENU:=$(NF_MENU)
  52. TITLE:=Netfilter connection tracking
  53. KCONFIG:= \
  54. CONFIG_NETFILTER=y \
  55. CONFIG_NETFILTER_ADVANCED=y \
  56. CONFIG_NF_CONNTRACK_ZONES=y \
  57. $(KCONFIG_NF_CONNTRACK)
  58. FILES:=$(foreach mod,$(NF_CONNTRACK-m),$(LINUX_DIR)/net/$(mod).ko)
  59. AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_CONNTRACK-m)))
  60. endef
  61. $(eval $(call KernelPackage,nf-conntrack))
  62. define KernelPackage/nf-conntrack6
  63. SUBMENU:=$(NF_MENU)
  64. TITLE:=Netfilter IPv6 connection tracking
  65. KCONFIG:=$(KCONFIG_NF_CONNTRACK6)
  66. DEPENDS:=@IPV6 +kmod-nf-conntrack
  67. FILES:=$(foreach mod,$(NF_CONNTRACK6-m),$(LINUX_DIR)/net/$(mod).ko)
  68. AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_CONNTRACK6-m)))
  69. endef
  70. $(eval $(call KernelPackage,nf-conntrack6))
  71. define KernelPackage/nf-nat
  72. SUBMENU:=$(NF_MENU)
  73. TITLE:=Netfilter NAT
  74. KCONFIG:=$(KCONFIG_NF_NAT)
  75. DEPENDS:=+kmod-nf-conntrack +kmod-nf-ipt
  76. FILES:=$(foreach mod,$(NF_NAT-m),$(LINUX_DIR)/net/$(mod).ko)
  77. AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NAT-m)))
  78. endef
  79. $(eval $(call KernelPackage,nf-nat))
  80. define KernelPackage/nf-nat6
  81. SUBMENU:=$(NF_MENU)
  82. TITLE:=Netfilter IPV6-NAT
  83. KCONFIG:=$(KCONFIG_NF_NAT6)
  84. DEPENDS:=+kmod-nf-conntrack6 +kmod-nf-ipt6 +kmod-nf-nat
  85. FILES:=$(foreach mod,$(NF_NAT6-m),$(LINUX_DIR)/net/$(mod).ko)
  86. AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NAT6-m)))
  87. endef
  88. $(eval $(call KernelPackage,nf-nat6))
  89. define AddDepends/ipt
  90. SUBMENU:=$(NF_MENU)
  91. DEPENDS+= +kmod-ipt-core $(1)
  92. endef
  93. define KernelPackage/ipt-conntrack
  94. TITLE:=Basic connection tracking modules
  95. KCONFIG:=$(KCONFIG_IPT_CONNTRACK)
  96. FILES:=$(foreach mod,$(IPT_CONNTRACK-m),$(LINUX_DIR)/net/$(mod).ko)
  97. AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CONNTRACK-m)))
  98. $(call AddDepends/ipt,+kmod-nf-conntrack)
  99. endef
  100. define KernelPackage/ipt-conntrack/description
  101. Netfilter (IPv4) kernel modules for connection tracking
  102. Includes:
  103. - conntrack
  104. - defrag
  105. - iptables_raw
  106. - NOTRACK
  107. - state
  108. endef
  109. $(eval $(call KernelPackage,ipt-conntrack))
  110. define KernelPackage/ipt-conntrack-extra
  111. TITLE:=Extra connection tracking modules
  112. KCONFIG:=$(KCONFIG_IPT_CONNTRACK_EXTRA)
  113. FILES:=$(foreach mod,$(IPT_CONNTRACK_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
  114. AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CONNTRACK_EXTRA-m)))
  115. $(call AddDepends/ipt,+kmod-ipt-conntrack)
  116. endef
  117. define KernelPackage/ipt-conntrack-extra/description
  118. Netfilter (IPv4) extra kernel modules for connection tracking
  119. Includes:
  120. - connbytes
  121. - connmark/CONNMARK
  122. - conntrack
  123. - helper
  124. - recent
  125. endef
  126. $(eval $(call KernelPackage,ipt-conntrack-extra))
  127. define KernelPackage/ipt-filter
  128. TITLE:=Modules for packet content inspection
  129. KCONFIG:=$(KCONFIG_IPT_FILTER)
  130. FILES:=$(foreach mod,$(IPT_FILTER-m),$(LINUX_DIR)/net/$(mod).ko)
  131. AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_FILTER-m)))
  132. $(call AddDepends/ipt,+kmod-lib-textsearch +kmod-ipt-conntrack)
  133. endef
  134. define KernelPackage/ipt-filter/description
  135. Netfilter (IPv4) kernel modules for packet content inspection
  136. Includes:
  137. - string
  138. endef
  139. $(eval $(call KernelPackage,ipt-filter))
  140. define KernelPackage/ipt-ipopt
  141. TITLE:=Modules for matching/changing IP packet options
  142. KCONFIG:=$(KCONFIG_IPT_IPOPT)
  143. FILES:=$(foreach mod,$(IPT_IPOPT-m),$(LINUX_DIR)/net/$(mod).ko)
  144. AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_IPOPT-m)))
  145. $(call AddDepends/ipt)
  146. endef
  147. define KernelPackage/ipt-ipopt/description
  148. Netfilter (IPv4) modules for matching/changing IP packet options
  149. Includes:
  150. - CLASSIFY
  151. - dscp/DSCP
  152. - ecn/ECN
  153. - hl/HL
  154. - length
  155. - mark/MARK
  156. - statistic
  157. - tcpmss
  158. - time
  159. - ttl/TTL
  160. - unclean
  161. endef
  162. $(eval $(call KernelPackage,ipt-ipopt))
  163. define KernelPackage/ipt-ipsec
  164. TITLE:=Modules for matching IPSec packets
  165. KCONFIG:=$(KCONFIG_IPT_IPSEC)
  166. FILES:=$(foreach mod,$(IPT_IPSEC-m),$(LINUX_DIR)/net/$(mod).ko)
  167. AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_IPSEC-m)))
  168. $(call AddDepends/ipt)
  169. endef
  170. define KernelPackage/ipt-ipsec/description
  171. Netfilter (IPv4) modules for matching IPSec packets
  172. Includes:
  173. - ah
  174. - esp
  175. - policy
  176. endef
  177. $(eval $(call KernelPackage,ipt-ipsec))
  178. IPSET_MODULES:= \
  179. ipset/ip_set \
  180. ipset/ip_set_bitmap_ip \
  181. ipset/ip_set_bitmap_ipmac \
  182. ipset/ip_set_bitmap_port \
  183. ipset/ip_set_hash_ip \
  184. ipset/ip_set_hash_ipmark \
  185. ipset/ip_set_hash_ipport \
  186. ipset/ip_set_hash_ipportip \
  187. ipset/ip_set_hash_ipportnet \
  188. ipset/ip_set_hash_mac \
  189. ipset/ip_set_hash_netportnet \
  190. ipset/ip_set_hash_net \
  191. ipset/ip_set_hash_netnet \
  192. ipset/ip_set_hash_netport \
  193. ipset/ip_set_hash_netiface \
  194. ipset/ip_set_list_set \
  195. xt_set
  196. define KernelPackage/ipt-ipset
  197. SUBMENU:=Netfilter Extensions
  198. TITLE:=IPset netfilter modules
  199. DEPENDS+= +kmod-ipt-core +kmod-nfnetlink
  200. KCONFIG:= \
  201. CONFIG_IP_SET \
  202. CONFIG_IP_SET_MAX=256 \
  203. CONFIG_NETFILTER_XT_SET \
  204. CONFIG_IP_SET_BITMAP_IP \
  205. CONFIG_IP_SET_BITMAP_IPMAC \
  206. CONFIG_IP_SET_BITMAP_PORT \
  207. CONFIG_IP_SET_HASH_IP \
  208. CONFIG_IP_SET_HASH_IPMARK \
  209. CONFIG_IP_SET_HASH_IPPORT \
  210. CONFIG_IP_SET_HASH_IPPORTIP \
  211. CONFIG_IP_SET_HASH_IPPORTNET \
  212. CONFIG_IP_SET_HASH_MAC \
  213. CONFIG_IP_SET_HASH_NET \
  214. CONFIG_IP_SET_HASH_NETNET \
  215. CONFIG_IP_SET_HASH_NETIFACE \
  216. CONFIG_IP_SET_HASH_NETPORT \
  217. CONFIG_IP_SET_HASH_NETPORTNET \
  218. CONFIG_IP_SET_LIST_SET \
  219. CONFIG_NET_EMATCH_IPSET=n
  220. FILES:=$(foreach mod,$(IPSET_MODULES),$(LINUX_DIR)/net/netfilter/$(mod).ko)
  221. AUTOLOAD:=$(call AutoLoad,49,$(notdir $(IPSET_MODULES)))
  222. endef
  223. $(eval $(call KernelPackage,ipt-ipset))
  224. define KernelPackage/ipt-nat
  225. TITLE:=Basic NAT targets
  226. KCONFIG:=$(KCONFIG_IPT_NAT)
  227. FILES:=$(foreach mod,$(IPT_NAT-m),$(LINUX_DIR)/net/$(mod).ko)
  228. AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NAT-m)))
  229. $(call AddDepends/ipt,+kmod-nf-nat)
  230. endef
  231. define KernelPackage/ipt-nat/description
  232. Netfilter (IPv4) kernel modules for basic NAT targets
  233. Includes:
  234. - MASQUERADE
  235. endef
  236. $(eval $(call KernelPackage,ipt-nat))
  237. define KernelPackage/ipt-raw
  238. TITLE:=Netfilter IPv4 raw table support
  239. KCONFIG:=CONFIG_IP_NF_RAW
  240. FILES:=$(LINUX_DIR)/net/ipv4/netfilter/iptable_raw.ko
  241. AUTOLOAD:=$(call AutoProbe,iptable_raw)
  242. $(call AddDepends/ipt)
  243. endef
  244. $(eval $(call KernelPackage,ipt-raw))
  245. define KernelPackage/ipt-raw6
  246. TITLE:=Netfilter IPv6 raw table support
  247. KCONFIG:=CONFIG_IP6_NF_RAW
  248. FILES:=$(LINUX_DIR)/net/ipv6/netfilter/ip6table_raw.ko
  249. AUTOLOAD:=$(call AutoProbe,ip6table_raw)
  250. $(call AddDepends/ipt,+kmod-ip6tables)
  251. endef
  252. $(eval $(call KernelPackage,ipt-raw6))
  253. define KernelPackage/ipt-nat6
  254. TITLE:=IPv6 NAT targets
  255. KCONFIG:=$(KCONFIG_IPT_NAT6)
  256. FILES:=$(foreach mod,$(IPT_NAT6-m),$(LINUX_DIR)/net/$(mod).ko)
  257. AUTOLOAD:=$(call AutoLoad,43,$(notdir $(IPT_NAT6-m)))
  258. $(call AddDepends/ipt,+kmod-nf-nat6)
  259. $(call AddDepends/ipt,+kmod-ipt-conntrack)
  260. $(call AddDepends/ipt,+kmod-ipt-nat)
  261. $(call AddDepends/ipt,+kmod-ip6tables)
  262. endef
  263. define KernelPackage/ipt-nat6/description
  264. Netfilter (IPv6) kernel modules for NAT targets
  265. endef
  266. $(eval $(call KernelPackage,ipt-nat6))
  267. define KernelPackage/ipt-nat-extra
  268. TITLE:=Extra NAT targets
  269. KCONFIG:=$(KCONFIG_IPT_NAT_EXTRA)
  270. FILES:=$(foreach mod,$(IPT_NAT_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
  271. AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NAT_EXTRA-m)))
  272. $(call AddDepends/ipt,+kmod-ipt-nat)
  273. endef
  274. define KernelPackage/ipt-nat-extra/description
  275. Netfilter (IPv4) kernel modules for extra NAT targets
  276. Includes:
  277. - NETMAP
  278. - REDIRECT
  279. endef
  280. $(eval $(call KernelPackage,ipt-nat-extra))
  281. define KernelPackage/nf-nathelper
  282. SUBMENU:=$(NF_MENU)
  283. TITLE:=Basic Conntrack and NAT helpers
  284. KCONFIG:=$(KCONFIG_NF_NATHELPER)
  285. FILES:=$(foreach mod,$(NF_NATHELPER-m),$(LINUX_DIR)/net/$(mod).ko)
  286. AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NATHELPER-m)))
  287. DEPENDS:=+kmod-nf-nat
  288. endef
  289. define KernelPackage/nf-nathelper/description
  290. Default Netfilter (IPv4) Conntrack and NAT helpers
  291. Includes:
  292. - ftp
  293. - irc
  294. - tftp
  295. endef
  296. $(eval $(call KernelPackage,nf-nathelper))
  297. define KernelPackage/nf-nathelper-extra
  298. SUBMENU:=$(NF_MENU)
  299. TITLE:=Extra Conntrack and NAT helpers
  300. KCONFIG:=$(KCONFIG_NF_NATHELPER_EXTRA)
  301. FILES:=$(foreach mod,$(NF_NATHELPER_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
  302. AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NATHELPER_EXTRA-m)))
  303. DEPENDS:=+kmod-nf-nat +kmod-lib-textsearch
  304. endef
  305. define KernelPackage/nf-nathelper-extra/description
  306. Extra Netfilter (IPv4) Conntrack and NAT helpers
  307. Includes:
  308. - amanda
  309. - h323
  310. - mms
  311. - pptp
  312. - proto_gre
  313. - sip
  314. - snmp_basic
  315. - broadcast
  316. endef
  317. $(eval $(call KernelPackage,nf-nathelper-extra))
  318. define KernelPackage/ipt-ulog
  319. TITLE:=Module for user-space packet logging
  320. KCONFIG:=$(KCONFIG_IPT_ULOG)
  321. FILES:=$(foreach mod,$(IPT_ULOG-m),$(LINUX_DIR)/net/$(mod).ko)
  322. AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_ULOG-m)))
  323. $(call AddDepends/ipt)
  324. endef
  325. define KernelPackage/ipt-ulog/description
  326. Netfilter (IPv4) module for user-space packet logging
  327. Includes:
  328. - ULOG
  329. endef
  330. $(eval $(call KernelPackage,ipt-ulog))
  331. define KernelPackage/ipt-nflog
  332. TITLE:=Module for user-space packet logging
  333. KCONFIG:=$(KCONFIG_IPT_NFLOG)
  334. FILES:=$(foreach mod,$(IPT_NFLOG-m),$(LINUX_DIR)/net/$(mod).ko)
  335. AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NFLOG-m)))
  336. $(call AddDepends/ipt,+kmod-nfnetlink-log)
  337. endef
  338. define KernelPackage/ipt-nflog/description
  339. Netfilter module for user-space packet logging
  340. Includes:
  341. - NFLOG
  342. endef
  343. $(eval $(call KernelPackage,ipt-nflog))
  344. define KernelPackage/ipt-nfqueue
  345. TITLE:=Module for user-space packet queuing
  346. KCONFIG:=$(KCONFIG_IPT_NFQUEUE)
  347. FILES:=$(foreach mod,$(IPT_NFQUEUE-m),$(LINUX_DIR)/net/$(mod).ko)
  348. AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NFQUEUE-m)))
  349. $(call AddDepends/ipt,+kmod-nfnetlink-queue)
  350. endef
  351. define KernelPackage/ipt-nfqueue/description
  352. Netfilter module for user-space packet queuing
  353. Includes:
  354. - NFQUEUE
  355. endef
  356. $(eval $(call KernelPackage,ipt-nfqueue))
  357. define KernelPackage/ipt-debug
  358. TITLE:=Module for debugging/development
  359. KCONFIG:=$(KCONFIG_IPT_DEBUG)
  360. DEFAULT:=n
  361. FILES:=$(foreach mod,$(IPT_DEBUG-m),$(LINUX_DIR)/net/$(mod).ko)
  362. AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_DEBUG-m)))
  363. $(call AddDepends/ipt)
  364. endef
  365. define KernelPackage/ipt-debug/description
  366. Netfilter modules for debugging/development of the firewall
  367. Includes:
  368. - TRACE
  369. endef
  370. $(eval $(call KernelPackage,ipt-debug))
  371. define KernelPackage/ipt-led
  372. TITLE:=Module to trigger a LED with a Netfilter rule
  373. KCONFIG:=$(KCONFIG_IPT_LED)
  374. FILES:=$(foreach mod,$(IPT_LED-m),$(LINUX_DIR)/net/$(mod).ko)
  375. AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_LED-m)))
  376. $(call AddDepends/ipt)
  377. endef
  378. define KernelPackage/ipt-led/description
  379. Netfilter target to trigger a LED when a network packet is matched.
  380. endef
  381. $(eval $(call KernelPackage,ipt-led))
  382. define KernelPackage/ipt-tproxy
  383. TITLE:=Transparent proxying support
  384. DEPENDS+=+kmod-ipt-conntrack +IPV6:kmod-ip6tables
  385. KCONFIG:= \
  386. CONFIG_NETFILTER_XT_MATCH_SOCKET \
  387. CONFIG_NETFILTER_XT_TARGET_TPROXY
  388. FILES:= \
  389. $(foreach mod,$(IPT_TPROXY-m),$(LINUX_DIR)/net/$(mod).ko)
  390. AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_TPROXY-m)))
  391. $(call AddDepends/ipt)
  392. endef
  393. define KernelPackage/ipt-tproxy/description
  394. Kernel modules for Transparent Proxying
  395. endef
  396. $(eval $(call KernelPackage,ipt-tproxy))
  397. define KernelPackage/ipt-tee
  398. TITLE:=TEE support
  399. DEPENDS:=+kmod-ipt-conntrack @!LINUX_4_4
  400. KCONFIG:= \
  401. CONFIG_NETFILTER_XT_TARGET_TEE
  402. FILES:= \
  403. $(LINUX_DIR)/net/netfilter/xt_TEE.ko \
  404. $(foreach mod,$(IPT_TEE-m),$(LINUX_DIR)/net/$(mod).ko)
  405. AUTOLOAD:=$(call AutoProbe,$(notdir nf_tee $(IPT_TEE-m)))
  406. $(call AddDepends/ipt)
  407. endef
  408. define KernelPackage/ipt-tee/description
  409. Kernel modules for TEE
  410. endef
  411. $(eval $(call KernelPackage,ipt-tee))
  412. define KernelPackage/ipt-u32
  413. TITLE:=U32 support
  414. KCONFIG:= \
  415. CONFIG_NETFILTER_XT_MATCH_U32
  416. FILES:= \
  417. $(LINUX_DIR)/net/netfilter/xt_u32.ko \
  418. $(foreach mod,$(IPT_U32-m),$(LINUX_DIR)/net/$(mod).ko)
  419. AUTOLOAD:=$(call AutoProbe,$(notdir nf_tee $(IPT_U32-m)))
  420. $(call AddDepends/ipt)
  421. endef
  422. define KernelPackage/ipt-u32/description
  423. Kernel modules for U32
  424. endef
  425. $(eval $(call KernelPackage,ipt-u32))
  426. define KernelPackage/ipt-iprange
  427. TITLE:=Module for matching ip ranges
  428. KCONFIG:=$(KCONFIG_IPT_IPRANGE)
  429. FILES:=$(foreach mod,$(IPT_IPRANGE-m),$(LINUX_DIR)/net/$(mod).ko)
  430. AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_IPRANGE-m)))
  431. $(call AddDepends/ipt)
  432. endef
  433. define KernelPackage/ipt-iprange/description
  434. Netfilter (IPv4) module for matching ip ranges
  435. Includes:
  436. - iprange
  437. endef
  438. $(eval $(call KernelPackage,ipt-iprange))
  439. define KernelPackage/ipt-cluster
  440. TITLE:=Module for matching cluster
  441. KCONFIG:=$(KCONFIG_IPT_CLUSTER)
  442. FILES:=$(foreach mod,$(IPT_CLUSTER-m),$(LINUX_DIR)/net/$(mod).ko)
  443. AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CLUSTER-m)))
  444. $(call AddDepends/ipt)
  445. endef
  446. define KernelPackage/ipt-cluster/description
  447. Netfilter (IPv4/IPv6) module for matching cluster
  448. This option allows you to build work-load-sharing clusters of
  449. network servers/stateful firewalls without having a dedicated
  450. load-balancing router/server/switch. Basically, this match returns
  451. true when the packet must be handled by this cluster node. Thus,
  452. all nodes see all packets and this match decides which node handles
  453. what packets. The work-load sharing algorithm is based on source
  454. address hashing.
  455. This module is usable for ipv4 and ipv6.
  456. To use it also enable iptables-mod-cluster
  457. see `iptables -m cluster --help` for more information.
  458. endef
  459. $(eval $(call KernelPackage,ipt-cluster))
  460. define KernelPackage/ipt-clusterip
  461. TITLE:=Module for CLUSTERIP
  462. KCONFIG:=$(KCONFIG_IPT_CLUSTERIP)
  463. FILES:=$(foreach mod,$(IPT_CLUSTERIP-m),$(LINUX_DIR)/net/$(mod).ko)
  464. AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CLUSTERIP-m)))
  465. $(call AddDepends/ipt,+kmod-nf-conntrack)
  466. endef
  467. define KernelPackage/ipt-clusterip/description
  468. Netfilter (IPv4-only) module for CLUSTERIP
  469. The CLUSTERIP target allows you to build load-balancing clusters of
  470. network servers without having a dedicated load-balancing
  471. router/server/switch.
  472. To use it also enable iptables-mod-clusterip
  473. see `iptables -j CLUSTERIP --help` for more information.
  474. endef
  475. $(eval $(call KernelPackage,ipt-clusterip))
  476. define KernelPackage/ipt-extra
  477. TITLE:=Extra modules
  478. KCONFIG:=$(KCONFIG_IPT_EXTRA)
  479. FILES:=$(foreach mod,$(IPT_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
  480. AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_EXTRA-m)))
  481. $(call AddDepends/ipt,+kmod-br-netfilter)
  482. endef
  483. define KernelPackage/ipt-extra/description
  484. Other Netfilter (IPv4) kernel modules
  485. Includes:
  486. - addrtype
  487. - owner
  488. - physdev (if bridge support was enabled in kernel)
  489. - pkttype
  490. - quota
  491. endef
  492. $(eval $(call KernelPackage,ipt-extra))
  493. define KernelPackage/ip6tables
  494. SUBMENU:=$(NF_MENU)
  495. TITLE:=IPv6 modules
  496. DEPENDS:=+kmod-nf-ipt6 +kmod-ipt-core +kmod-ipt-conntrack
  497. KCONFIG:=$(KCONFIG_IPT_IPV6)
  498. FILES:=$(foreach mod,$(IPT_IPV6-m),$(LINUX_DIR)/net/$(mod).ko)
  499. AUTOLOAD:=$(call AutoLoad,42,$(notdir $(IPT_IPV6-m)))
  500. endef
  501. define KernelPackage/ip6tables/description
  502. Netfilter IPv6 firewalling support
  503. endef
  504. $(eval $(call KernelPackage,ip6tables))
  505. define KernelPackage/ip6tables-extra
  506. SUBMENU:=$(NF_MENU)
  507. TITLE:=Extra IPv6 modules
  508. DEPENDS:=+kmod-ip6tables
  509. KCONFIG:=$(KCONFIG_IPT_IPV6_EXTRA)
  510. FILES:=$(foreach mod,$(IPT_IPV6_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
  511. AUTOLOAD:=$(call AutoLoad,43,$(notdir $(IPT_IPV6_EXTRA-m)))
  512. endef
  513. define KernelPackage/ip6tables-extra/description
  514. Netfilter IPv6 extra header matching modules
  515. endef
  516. $(eval $(call KernelPackage,ip6tables-extra))
  517. ARP_MODULES = arp_tables arpt_mangle arptable_filter
  518. define KernelPackage/arptables
  519. SUBMENU:=$(NF_MENU)
  520. TITLE:=ARP firewalling modules
  521. DEPENDS:=+kmod-ipt-core
  522. FILES:=$(LINUX_DIR)/net/ipv4/netfilter/arp*.ko
  523. KCONFIG:=CONFIG_IP_NF_ARPTABLES \
  524. CONFIG_IP_NF_ARPFILTER \
  525. CONFIG_IP_NF_ARP_MANGLE
  526. AUTOLOAD:=$(call AutoProbe,$(ARP_MODULES))
  527. endef
  528. define KernelPackage/arptables/description
  529. Kernel modules for ARP firewalling
  530. endef
  531. $(eval $(call KernelPackage,arptables))
  532. define KernelPackage/br-netfilter
  533. SUBMENU:=$(NF_MENU)
  534. TITLE:=Bridge netfilter support modules
  535. HIDDEN:=1
  536. DEPENDS:=+kmod-ipt-core +kmod-bridge
  537. FILES:=$(LINUX_DIR)/net/bridge/br_netfilter.ko
  538. KCONFIG:=CONFIG_BRIDGE_NETFILTER
  539. AUTOLOAD:=$(call AutoProbe,br_netfilter)
  540. endef
  541. $(eval $(call KernelPackage,br-netfilter))
  542. define KernelPackage/ebtables
  543. SUBMENU:=$(NF_MENU)
  544. TITLE:=Bridge firewalling modules
  545. DEPENDS:=+kmod-ipt-core +kmod-bridge +kmod-br-netfilter
  546. FILES:=$(foreach mod,$(EBTABLES-m),$(LINUX_DIR)/net/$(mod).ko)
  547. KCONFIG:=$(KCONFIG_EBTABLES)
  548. AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES-m)))
  549. endef
  550. define KernelPackage/ebtables/description
  551. ebtables is a general, extensible frame/packet identification
  552. framework. It provides you to do Ethernet
  553. filtering/NAT/brouting on the Ethernet bridge.
  554. endef
  555. $(eval $(call KernelPackage,ebtables))
  556. define AddDepends/ebtables
  557. SUBMENU:=$(NF_MENU)
  558. DEPENDS+=kmod-ebtables $(1)
  559. endef
  560. define KernelPackage/ebtables-ipv4
  561. TITLE:=ebtables: IPv4 support
  562. FILES:=$(foreach mod,$(EBTABLES_IP4-m),$(LINUX_DIR)/net/$(mod).ko)
  563. KCONFIG:=$(KCONFIG_EBTABLES_IP4)
  564. AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES_IP4-m)))
  565. $(call AddDepends/ebtables)
  566. endef
  567. define KernelPackage/ebtables-ipv4/description
  568. This option adds the IPv4 support to ebtables, which allows basic
  569. IPv4 header field filtering, ARP filtering as well as SNAT, DNAT targets.
  570. endef
  571. $(eval $(call KernelPackage,ebtables-ipv4))
  572. define KernelPackage/ebtables-ipv6
  573. TITLE:=ebtables: IPv6 support
  574. FILES:=$(foreach mod,$(EBTABLES_IP6-m),$(LINUX_DIR)/net/$(mod).ko)
  575. KCONFIG:=$(KCONFIG_EBTABLES_IP6)
  576. AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES_IP6-m)))
  577. $(call AddDepends/ebtables)
  578. endef
  579. define KernelPackage/ebtables-ipv6/description
  580. This option adds the IPv6 support to ebtables, which allows basic
  581. IPv6 header field filtering and target support.
  582. endef
  583. $(eval $(call KernelPackage,ebtables-ipv6))
  584. define KernelPackage/ebtables-watchers
  585. TITLE:=ebtables: watchers support
  586. FILES:=$(foreach mod,$(EBTABLES_WATCHERS-m),$(LINUX_DIR)/net/$(mod).ko)
  587. KCONFIG:=$(KCONFIG_EBTABLES_WATCHERS)
  588. AUTOLOAD:=$(call AutoProbe,$(notdir $(EBTABLES_WATCHERS-m)))
  589. $(call AddDepends/ebtables)
  590. endef
  591. define KernelPackage/ebtables-watchers/description
  592. This option adds the log watchers, that you can use in any rule
  593. in any ebtables table.
  594. endef
  595. $(eval $(call KernelPackage,ebtables-watchers))
  596. define KernelPackage/nfnetlink
  597. SUBMENU:=$(NF_MENU)
  598. TITLE:=Netlink-based userspace interface
  599. FILES:=$(foreach mod,$(NFNETLINK-m),$(LINUX_DIR)/net/$(mod).ko)
  600. KCONFIG:=$(KCONFIG_NFNETLINK)
  601. AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK-m)))
  602. endef
  603. define KernelPackage/nfnetlink/description
  604. Kernel modules support for a netlink-based userspace interface
  605. endef
  606. $(eval $(call KernelPackage,nfnetlink))
  607. define AddDepends/nfnetlink
  608. SUBMENU:=$(NF_MENU)
  609. DEPENDS+=+kmod-nfnetlink $(1)
  610. endef
  611. define KernelPackage/nfnetlink-log
  612. TITLE:=Netfilter LOG over NFNETLINK interface
  613. FILES:=$(foreach mod,$(NFNETLINK_LOG-m),$(LINUX_DIR)/net/$(mod).ko)
  614. KCONFIG:=$(KCONFIG_NFNETLINK_LOG)
  615. AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK_LOG-m)))
  616. $(call AddDepends/nfnetlink)
  617. endef
  618. define KernelPackage/nfnetlink-log/description
  619. Kernel modules support for logging packets via NFNETLINK
  620. Includes:
  621. - NFLOG
  622. endef
  623. $(eval $(call KernelPackage,nfnetlink-log))
  624. define KernelPackage/nfnetlink-queue
  625. TITLE:=Netfilter QUEUE over NFNETLINK interface
  626. FILES:=$(foreach mod,$(NFNETLINK_QUEUE-m),$(LINUX_DIR)/net/$(mod).ko)
  627. KCONFIG:=$(KCONFIG_NFNETLINK_QUEUE)
  628. AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK_QUEUE-m)))
  629. $(call AddDepends/nfnetlink)
  630. endef
  631. define KernelPackage/nfnetlink-queue/description
  632. Kernel modules support for queueing packets via NFNETLINK
  633. Includes:
  634. - NFQUEUE
  635. endef
  636. $(eval $(call KernelPackage,nfnetlink-queue))
  637. define KernelPackage/nf-conntrack-netlink
  638. TITLE:=Connection tracking netlink interface
  639. FILES:=$(LINUX_DIR)/net/netfilter/nf_conntrack_netlink.ko
  640. KCONFIG:=CONFIG_NF_CT_NETLINK CONFIG_NF_CONNTRACK_EVENTS=y
  641. AUTOLOAD:=$(call AutoProbe,nf_conntrack_netlink)
  642. $(call AddDepends/nfnetlink,+kmod-ipt-conntrack)
  643. endef
  644. define KernelPackage/nf-conntrack-netlink/description
  645. Kernel modules support for a netlink-based connection tracking
  646. userspace interface
  647. endef
  648. $(eval $(call KernelPackage,nf-conntrack-netlink))
  649. define KernelPackage/ipt-hashlimit
  650. SUBMENU:=$(NF_MENU)
  651. TITLE:=Netfilter hashlimit match
  652. DEPENDS:=+kmod-ipt-core
  653. KCONFIG:=$(KCONFIG_IPT_HASHLIMIT)
  654. FILES:=$(LINUX_DIR)/net/netfilter/xt_hashlimit.ko
  655. AUTOLOAD:=$(call AutoProbe,xt_hashlimit)
  656. $(call KernelPackage/ipt)
  657. endef
  658. define KernelPackage/ipt-hashlimit/description
  659. Kernel modules support for the hashlimit bucket match module
  660. endef
  661. $(eval $(call KernelPackage,ipt-hashlimit))
  662. define KernelPackage/nft-core
  663. SUBMENU:=$(NF_MENU)
  664. TITLE:=Netfilter nf_tables support
  665. DEPENDS:=+kmod-nfnetlink +kmod-nf-conntrack6 +kmod-nf-ipt +kmod-nf-ipt6
  666. FILES:=$(foreach mod,$(NFT_CORE-m),$(LINUX_DIR)/net/$(mod).ko)
  667. AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_CORE-m)))
  668. KCONFIG:= \
  669. CONFIG_NETFILTER=y \
  670. CONFIG_NETFILTER_ADVANCED=y \
  671. CONFIG_NFT_COMPAT=n \
  672. CONFIG_NFT_QUEUE=n \
  673. CONFIG_NF_TABLES_ARP=n \
  674. CONFIG_NF_TABLES_BRIDGE=n \
  675. $(KCONFIG_NFT_CORE)
  676. endef
  677. define KernelPackage/nft-core/description
  678. Kernel module support for nftables
  679. endef
  680. $(eval $(call KernelPackage,nft-core))
  681. define KernelPackage/nft-nat
  682. SUBMENU:=$(NF_MENU)
  683. TITLE:=Netfilter nf_tables NAT support
  684. DEPENDS:=+kmod-nft-core +kmod-nf-nat +kmod-nf-nat6
  685. FILES:=$(foreach mod,$(NFT_NAT-m),$(LINUX_DIR)/net/$(mod).ko)
  686. AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_NAT-m)))
  687. KCONFIG:=$(KCONFIG_NFT_NAT)
  688. endef
  689. $(eval $(call KernelPackage,nft-nat))
  690. define KernelPackage/nft-nat6
  691. SUBMENU:=$(NF_MENU)
  692. TITLE:=Netfilter nf_tables IPv6-NAT support
  693. DEPENDS:=+kmod-nft-core +kmod-nf-nat6
  694. FILES:=$(foreach mod,$(NFT_NAT6-m),$(LINUX_DIR)/net/$(mod).ko)
  695. AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_NAT6-m)))
  696. KCONFIG:=$(KCONFIG_NFT_NAT6)
  697. endef
  698. $(eval $(call KernelPackage,nft-nat6))