package/kernel/modules/netfilter.mk

   1
   2 #
   3 # Copyright (C) 2006-2008 OpenWrt.org
   4 #
   5 # This is free software, licensed under the GNU General Public License v2.
   6 # See /LICENSE for more information.
   7 #
   8
   9 NF_MENU:=Netfilter Extensions
  10 NF_KMOD:=1
  11 include $(INCLUDE_DIR)/netfilter.mk
  12
  13 define KernelPackage/ipt-core
  14   SUBMENU:=$(NF_MENU)
  15   TITLE:=Netfilter core
  16   KCONFIG:=$(KCONFIG_IPT_CORE)
  17   FILES:=$(foreach mod,$(IPT_CORE-m),$(LINUX_DIR)/net/$(mod).$(LINUX_KMOD_SUFFIX))
  18   AUTOLOAD:=$(call AutoLoad,40,$(notdir $(IPT_CORE-m)))
  19 endef
  20
  21 define KernelPackage/ipt-core/description
  22  Netfilter core kernel modules
  23  Includes:
  24  - ipt_limit
  25  - xt_limit
  26  - ipt_mac
  27  - xt_mac
  28  - ipt_multiport
  29  - xt_multiport
  30  - ipt_comment
  31  - xt_comment
  32  - ipt_LOG
  33  - ipt_TCPMSS
  34  - xt_TCPMSS
  35  - ipt_REJECT
  36 endef
  37
  38 $(eval $(call KernelPackage,ipt-core))
  39
  40
  41 define KernelPackage/ipt/Depends
  42   SUBMENU:=$(NF_MENU)
  43   DEPENDS:= kmod-ipt-core $(1)
  44 endef
  45
  46
  47 define KernelPackage/ipt-conntrack
  48 $(call KernelPackage/ipt/Depends,)
  49   TITLE:=Basic connection tracking modules
  50   KCONFIG:=$(KCONFIG_IPT_CONNTRACK)
  51   FILES:=$(foreach mod,$(IPT_CONNTRACK-m),$(LINUX_DIR)/net/$(mod).$(LINUX_KMOD_SUFFIX))
  52   AUTOLOAD:=$(call AutoLoad,41,$(notdir $(IPT_CONNTRACK-m)))
  53 endef
  54
  55 define KernelPackage/ipt-conntrack/description
  56  Netfilter (IPv4) kernel modules for connection tracking
  57  Includes:
  58  - conntrack
  59  - defrag
  60  - iptables_raw
  61  - NOTRACK
  62  - state
  63  - xt_NOTRACK
  64 endef
  65
  66 $(eval $(call KernelPackage,ipt-conntrack))
  67
  68
  69 define KernelPackage/ipt-conntrack-extra
  70 $(call KernelPackage/ipt/Depends,+kmod-ipt-conntrack)
  71   TITLE:=Extra connection tracking modules
  72   KCONFIG:=$(KCONFIG_IPT_CONNTRACK_EXTRA)
  73   FILES:=$(foreach mod,$(IPT_CONNTRACK_EXTRA-m),$(LINUX_DIR)/net/$(mod).$(LINUX_KMOD_SUFFIX))
  74   AUTOLOAD:=$(call AutoLoad,42,$(notdir $(IPT_CONNTRACK_EXTRA-m)))
  75 endef
  76
  77 define KernelPackage/ipt-conntrack-extra/description
  78  Netfilter (IPv4) extra kernel modules for connection tracking
  79  Includes:
  80  - connbytes
  81  - connmark/CONNMARK
  82  - conntrack
  83  - helper
  84  - recent
  85 endef
  86
  87 $(eval $(call KernelPackage,ipt-conntrack-extra))
  88
  89
  90 define KernelPackage/ipt-filter
  91 $(call KernelPackage/ipt/Depends,+LINUX_2_6:kmod-textsearch)
  92   TITLE:=Modules for packet content inspection
  93   KCONFIG:=$(KCONFIG_IPT_FILTER)
  94   FILES:=$(foreach mod,$(IPT_FILTER-m),$(LINUX_DIR)/net/$(mod).$(LINUX_KMOD_SUFFIX))
  95   AUTOLOAD:=$(call AutoLoad,45,$(notdir $(IPT_FILTER-m)))
  96 endef
  97
  98 define KernelPackage/ipt-filter/description
  99  Netfilter (IPv4) kernel modules for packet content inspection
 100  Includes:
 101  - ipt_layer7
 102  - ipt_string
 103  - xt_layer7
 104  - xt_string
 105 endef
 106
 107 $(eval $(call KernelPackage,ipt-filter))
 108
 109
 110 define KernelPackage/ipt-ipopt
 111 $(call KernelPackage/ipt/Depends,)
 112   TITLE:=Modules for matching/changing IP packet options
 113   KCONFIG:=$(KCONFIG_IPT_IPOPT)
 114   FILES:=$(foreach mod,$(IPT_IPOPT-m),$(LINUX_DIR)/net/$(mod).$(LINUX_KMOD_SUFFIX))
 115   AUTOLOAD:=$(call AutoLoad,45,$(notdir $(IPT_IPOPT-m)))
 116 endef
 117
 118 define KernelPackage/ipt-ipopt/description
 119  Netfilter (IPv4) modules for matching/changing IP packet options
 120  Includes:
 121  - ipt_dscp
 122  - xt_dscp
 123  - xt_DSCP
 124  - ipt_ecn
 125  - ipt_length
 126  - xt_length
 127  - ipt_mark
 128  - xt_mark
 129  - xt_statistic
 130  - ipt_tcpmss
 131  - xt_tcpmss
 132  - ipt_time
 133  - xt_time
 134  - ipt_unclean
 135  - ipt_CLASSIFY
 136  - xt_CLASSIFY
 137  - ipt_DSCP
 138  - ipt_ECN
 139  - ipt_MARK
 140  - xt_MARK
 141  - xt_tos
 142  - xt_TOS
 143  - xt_hl
 144  - xt_HL
 145 endef
 146
 147 $(eval $(call KernelPackage,ipt-ipopt))
 148
 149
 150 define KernelPackage/ipt-ipsec
 151 $(call KernelPackage/ipt/Depends,)
 152   TITLE:=Modules for matching IPSec packets
 153   KCONFIG:=$(KCONFIG_IPT_IPSEC)
 154   FILES:=$(foreach mod,$(IPT_IPSEC-m),$(LINUX_DIR)/net/$(mod).$(LINUX_KMOD_SUFFIX))
 155   AUTOLOAD:=$(call AutoLoad,45,$(notdir $(IPT_IPSEC-m)))
 156 endef
 157
 158 define KernelPackage/ipt-ipsec/description
 159  Netfilter (IPv4) modules for matching IPSec packets
 160  Includes:
 161  - ipt_ah
 162  - ipt_esp
 163  - xt_esp
 164  - xt_policy
 165 endef
 166
 167 $(eval $(call KernelPackage,ipt-ipsec))
 168
 169
 170 define KernelPackage/ipt-nat
 171 $(call KernelPackage/ipt/Depends,+kmod-ipt-conntrack)
 172   TITLE:=Basic NAT targets
 173   KCONFIG:=$(KCONFIG_IPT_NAT)
 174   FILES:=$(foreach mod,$(IPT_NAT-m),$(LINUX_DIR)/net/$(mod).$(LINUX_KMOD_SUFFIX))
 175   AUTOLOAD:=$(call AutoLoad,42,$(notdir $(IPT_NAT-m)))
 176 endef
 177
 178 define KernelPackage/ipt-nat/description
 179  Netfilter (IPv4) kernel modules for basic NAT targets
 180  Includes:
 181  - MASQUERADE
 182 endef
 183
 184 $(eval $(call KernelPackage,ipt-nat))
 185
 186
 187 define KernelPackage/ipt-nat-extra
 188 $(call KernelPackage/ipt/Depends,+kmod-ipt-nat)
 189   TITLE:=Extra NAT targets
 190   KCONFIG:=$(KCONFIG_IPT_NAT_EXTRA)
 191   FILES:=$(foreach mod,$(IPT_NAT_EXTRA-m),$(LINUX_DIR)/net/$(mod).$(LINUX_KMOD_SUFFIX))
 192   AUTOLOAD:=$(call AutoLoad,43,$(notdir $(IPT_NAT_EXTRA-m)))
 193 endef
 194
 195 define KernelPackage/ipt-nat-extra/description
 196  Netfilter (IPv4) kernel modules for extra NAT targets
 197  Includes:
 198  - MIRROR
 199  - NETMAP
 200  - REDIRECT
 201 endef
 202
 203 $(eval $(call KernelPackage,ipt-nat-extra))
 204
 205
 206 define KernelPackage/ipt-nathelper
 207 $(call KernelPackage/ipt/Depends,+kmod-ipt-nat)
 208   TITLE:=Basic Conntrack and NAT helpers
 209   KCONFIG:=$(KCONFIG_IPT_NATHELPER)
 210   FILES:=$(foreach mod,$(IPT_NATHELPER-m),$(LINUX_DIR)/net/$(mod).$(LINUX_KMOD_SUFFIX))
 211   AUTOLOAD:=$(call AutoLoad,45,$(notdir $(IPT_NATHELPER-m)))
 212 endef
 213
 214 define KernelPackage/ipt-nathelper/description
 215  Default Netfilter (IPv4) Conntrack and NAT helpers
 216  Includes:
 217  - ip_conntrack_ftp
 218  - ip_nat_ftp
 219  - nf_conntrack_ftp
 220  - nf_nat_ftp
 221  - ip_conntrack_irc
 222  - ip_nat_irc
 223  - nf_conntrack_irc
 224  - nf_nat_irc
 225  - ip_conntrack_tftp
 226  - nf_conntrack_tftp
 227  - nf_nat_tftp
 228 endef
 229
 230 $(eval $(call KernelPackage,ipt-nathelper))
 231
 232
 233 define KernelPackage/ipt-nathelper-extra
 234 $(call KernelPackage/ipt/Depends,+kmod-ipt-nat +LINUX_2_6:kmod-textsearch)
 235   TITLE:=Extra Conntrack and NAT helpers
 236   KCONFIG:=$(KCONFIG_IPT_NATHELPER_EXTRA)
 237   FILES:=$(foreach mod,$(IPT_NATHELPER_EXTRA-m),$(LINUX_DIR)/net/$(mod).$(LINUX_KMOD_SUFFIX))
 238   AUTOLOAD:=$(call AutoLoad,45,$(notdir $(IPT_NATHELPER_EXTRA-m)))
 239 endef
 240
 241 define KernelPackage/ipt-nathelper-extra/description
 242  Extra Netfilter (IPv4) Conntrack and NAT helpers
 243  Includes:
 244  - ip_conntrack_amanda
 245  - nf_conntrack_amanda
 246  - nf_nat_amanda
 247  - ip_conntrack_proto_gre
 248  - ip_nat_proto_gre
 249  - nf_conntrack_proto_gre
 250  - nf_nat_proto_gre
 251  - ip_conntrack_h323
 252  - ip_nat_h323
 253  - nf_conntrack_h323
 254  - nf_nat_h323
 255  - ip_conntrack_mms
 256  - ip_nat_mms
 257  - ip_conntrack_pptp
 258  - ip_nat_pptp
 259  - nf_conntrack_pptp
 260  - nf_nat_pptp
 261  - ip_conntrack_rtsp
 262  - ip_nat_rtsp
 263  - nf_conntrack_rtsp
 264  - nf_nat_rtsp
 265  - ip_conntrack_sip
 266  - ip_nat_sip
 267  - nf_conntrack_sip
 268  - nf_nat_sip
 269  - ip_nat_snmp_basic
 270  - nf_nat_snmp_basic
 271 endef
 272
 273 $(eval $(call KernelPackage,ipt-nathelper-extra))
 274
 275
 276 define KernelPackage/ipt-imq
 277 $(call KernelPackage/ipt/Depends,)
 278   TITLE:=Intermediate Queueing support
 279   KCONFIG:= \
 280         CONFIG_IMQ \
 281         CONFIG_IMQ_BEHAVIOR_BA=y \
 282         CONFIG_IMQ_NUM_DEVS=2 \
 283         CONFIG_NETFILTER_XT_TARGET_IMQ
 284   FILES:= \
 285         $(LINUX_DIR)/drivers/net/imq.$(LINUX_KMOD_SUFFIX) \
 286         $(foreach mod,$(IPT_IMQ-m),$(LINUX_DIR)/net/$(mod).$(LINUX_KMOD_SUFFIX))
 287   AUTOLOAD:=$(call AutoLoad,45,$(notdir \
 288         imq \
 289         $(IPT_IMQ-m) \
 290   ))
 291 endef
 292
 293 define KernelPackage/ipt-imq/description
 294  Kernel support for Intermediate Queueing devices
 295 endef
 296
 297 $(eval $(call KernelPackage,ipt-imq))
 298
 299
 300 define KernelPackage/ipt-queue
 301 $(call KernelPackage/ipt/Depends,)
 302   TITLE:=Module for user-space packet queueing
 303   KCONFIG:=$(KCONFIG_IPT_QUEUE)
 304   FILES:=$(foreach mod,$(IPT_QUEUE-m),$(LINUX_DIR)/net/$(mod).$(LINUX_KMOD_SUFFIX))
 305   AUTOLOAD:=$(call AutoLoad,45,$(notdir $(IPT_QUEUE-m)))
 306 endef
 307
 308 define KernelPackage/ipt-queue/description
 309  Netfilter (IPv4) module for user-space packet queueing
 310  Includes:
 311  - QUEUE
 312 endef
 313
 314 $(eval $(call KernelPackage,ipt-queue))
 315
 316
 317 define KernelPackage/ipt-ulog
 318 $(call KernelPackage/ipt/Depends,)
 319   TITLE:=Module for user-space packet logging
 320   KCONFIG:=$(KCONFIG_IPT_ULOG)
 321   FILES:=$(foreach mod,$(IPT_ULOG-m),$(LINUX_DIR)/net/$(mod).$(LINUX_KMOD_SUFFIX))
 322   AUTOLOAD:=$(call AutoLoad,45,$(notdir $(IPT_ULOG-m)))
 323 endef
 324
 325 define KernelPackage/ipt-ulog/description
 326  Netfilter (IPv4) module for user-space packet logging
 327  Includes:
 328  - ipt_ULOG
 329 endef
 330
 331 $(eval $(call KernelPackage,ipt-ulog))
 332
 333
 334 define KernelPackage/ipt-iprange
 335 $(call KernelPackage/ipt/Depends,)
 336   TITLE:=Module for matching ip ranges
 337   KCONFIG:=$(KCONFIG_IPT_IPRANGE)
 338   FILES:=$(foreach mod,$(IPT_IPRANGE-m),$(LINUX_DIR)/net/$(mod).$(LINUX_KMOD_SUFFIX))
 339   AUTOLOAD:=$(call AutoLoad,45,$(notdir $(IPT_IPRANGE-m)))
 340 endef
 341
 342 define KernelPackage/ipt-iprange/description
 343  Netfilter (IPv4) module for matching ip ranges
 344  Includes:
 345  - ipt_IPRANGE
 346 endef
 347
 348 $(eval $(call KernelPackage,ipt-iprange))
 349
 350
 351 define KernelPackage/ipt-extra
 352 $(call KernelPackage/ipt/Depends,)
 353   TITLE:=Extra modules
 354   KCONFIG:=$(KCONFIG_IPT_EXTRA)
 355   FILES:=$(foreach mod,$(IPT_EXTRA-m),$(LINUX_DIR)/net/$(mod).$(LINUX_KMOD_SUFFIX))
 356   AUTOLOAD:=$(call AutoLoad,45,$(notdir $(IPT_EXTRA-m)))
 357 endef
 358
 359 define KernelPackage/ipt-extra/description
 360  Other Netfilter (IPv4) kernel modules
 361  Includes:
 362  - ipt_condition
 363  - ipt_owner
 364  - xt_physdev
 365  - ipt_pkttype
 366  - xt_pkttype
 367  - xt_quota
 368 endef
 369
 370 $(eval $(call KernelPackage,ipt-extra))
 371
 372
 373 define KernelPackage/ip6tables
 374   SUBMENU:=$(NF_MENU)
 375   TITLE:=IPv6 modules
 376   DEPENDS:=+kmod-ipv6
 377   KCONFIG:=$(KCONFIG_IPT_IPV6)
 378   FILES:=$(foreach mod,$(IPT_IPV6-m),$(LINUX_DIR)/net/$(mod).$(LINUX_KMOD_SUFFIX))
 379   AUTOLOAD:=$(call AutoLoad,49,$(notdir $(IPT_IPV6-m)))
 380 endef
 381
 382 define KernelPackage/ip6tables/description
 383  Netfilter IPv6 firewalling support
 384 endef
 385
 386 $(eval $(call KernelPackage,ip6tables))
 387
 388
 389 define KernelPackage/arptables
 390   SUBMENU:=$(NF_MENU)
 391   TITLE:=ARP firewalling modules
 392   FILES:=$(LINUX_DIR)/net/ipv4/netfilter/arp*.$(LINUX_KMOD_SUFFIX)
 393   KCONFIG:=CONFIG_IP_NF_ARPTABLES \
 394     CONFIG_IP_NF_ARPFILTER \
 395     CONFIG_IP_NF_ARP_MANGLE
 396   AUTOLOAD:=$(call AutoLoad,49,$(notdir $(patsubst %.$(LINUX_KMOD_SUFFIX),%,$(wildcard $(LINUX_DIR)/net/ipv4/netfilter/arp*.$(LINUX_KMOD_SUFFIX)))))
 397 endef
 398
 399 define KernelPackage/arptables/description
 400  Kernel modules for ARP firewalling
 401 endef
 402
 403 $(eval $(call KernelPackage,arptables))
 404
 405
 406 define KernelPackage/ebtables
 407   SUBMENU:=$(NF_MENU)
 408   TITLE:=Bridge firewalling modules
 409   DEPENDS:=@LINUX_2_6
 410   FILES:=$(foreach mod,$(EBTABLES-m),$(LINUX_DIR)/net/$(mod).$(LINUX_KMOD_SUFFIX))
 411   KCONFIG:=CONFIG_BRIDGE_NETFILTER=y \
 412         $(KCONFIG_EBTABLES)
 413   AUTOLOAD:=$(call AutoLoad,49,$(notdir $(EBTABLES-m)))
 414 endef
 415
 416 define KernelPackage/ebtables/description
 417   ebtables is a general, extensible frame/packet identification
 418   framework. It provides you to do Ethernet
 419   filtering/NAT/brouting on the Ethernet bridge.
 420 endef
 421
 422 $(eval $(call KernelPackage,ebtables))
 423
 424
 425 define KernelPackage/ebtables/Depends
 426   SUBMENU:=$(NF_MENU)
 427   DEPENDS:=kmod-ebtables $(1)
 428 endef
 429
 430
 431 define KernelPackage/ebtables-ipv4
 432 $(call KernelPackage/ebtables/Depends,)
 433   TITLE:=ebtables: IPv4 support
 434   FILES:=$(foreach mod,$(EBTABLES_IP4-m),$(LINUX_DIR)/net/$(mod).$(LINUX_KMOD_SUFFIX))
 435   KCONFIG:=$(KCONFIG_EBTABLES_IP4)
 436   AUTOLOAD:=$(call AutoLoad,49,$(notdir $(EBTABLES_IP4-m)))
 437 endef
 438
 439 define KernelPackage/ebtables-ipv4/description
 440  This option adds the IPv4 support to ebtables, which allows basic
 441  IPv4 header field filtering, ARP filtering as well as SNAT, DNAT targets.
 442 endef
 443
 444 $(eval $(call KernelPackage,ebtables-ipv4))
 445
 446
 447 define KernelPackage/ebtables-ipv6
 448 $(call KernelPackage/ebtables/Depends,)
 449   TITLE:=ebtables: IPv6 support
 450   FILES:=$(foreach mod,$(EBTABLES_IP6-m),$(LINUX_DIR)/net/$(mod).$(LINUX_KMOD_SUFFIX))
 451   KCONFIG:=$(KCONFIG_EBTABLES_IP6)
 452   AUTOLOAD:=$(call AutoLoad,49,$(notdir $(EBTABLES_IP6-m)))
 453 endef
 454
 455 define KernelPackage/ebtables-ipv6/description
 456  This option adds the IPv6 support to ebtables, which allows basic
 457  IPv6 header field filtering and target support.
 458 endef
 459
 460 $(eval $(call KernelPackage,ebtables-ipv6))
 461
 462
 463 define KernelPackage/ebtables-watchers
 464 $(call KernelPackage/ebtables/Depends,)
 465   TITLE:=ebtables: watchers support
 466   FILES:=$(foreach mod,$(EBTABLES_WATCHERS-m),$(LINUX_DIR)/net/$(mod).$(LINUX_KMOD_SUFFIX))
 467   KCONFIG:=$(KCONFIG_EBTABLES_WATCHERS)
 468   AUTOLOAD:=$(call AutoLoad,49,$(notdir $(EBTABLES_WATCHERS-m)))
 469 endef
 470
 471 define KernelPackage/ebtables-watchers/description
 472  This option adds the log watchers, that you can use in any rule
 473  in any ebtables table.
 474 endef
 475
 476 $(eval $(call KernelPackage,ebtables-watchers))
 477
 478
 479 define KernelPackage/nfnetlink
 480   SUBMENU:=$(NF_MENU)
 481   TITLE:=Netlink-based userspace interface
 482   DEPENDS:=@LINUX_2_6 +kmod-ipt-core
 483   FILES:=$(LINUX_DIR)/net/netfilter/nfnetlink.$(LINUX_KMOD_SUFFIX)
 484   KCONFIG:=CONFIG_NETFILTER_NETLINK
 485   AUTOLOAD:=$(call AutoLoad,48,nfnetlink)
 486 endef
 487
 488 define KernelPackage/nfnetlink/description
 489  Kernel modules support for a netlink-based userspace interface
 490 endef
 491
 492 $(eval $(call KernelPackage,nfnetlink))
 493
 494
 495 define KernelPackage/nfnetlink/Depends
 496   SUBMENU:=$(NF_MENU)
 497   DEPENDS:=@LINUX_2_6 +kmod-nfnetlink $(1)
 498 endef
 499
 500
 501 define KernelPackage/nfnetlink-log
 502 $(call KernelPackage/nfnetlink/Depends,)
 503   TITLE:=Netfilter LOG over NFNETLINK interface
 504   FILES:=$(LINUX_DIR)/net/netfilter/nfnetlink_log.$(LINUX_KMOD_SUFFIX)
 505   KCONFIG:=CONFIG_NETFILTER_NETLINK_LOG
 506   AUTOLOAD:=$(call AutoLoad,48,nfnetlink_log)
 507 endef
 508
 509 define KernelPackage/nfnetlink-log/description
 510  Kernel modules support for logging packets via NFNETLINK
 511 endef
 512
 513 $(eval $(call KernelPackage,nfnetlink-log))
 514
 515
 516 define KernelPackage/nfnetlink-queue
 517 $(call KernelPackage/nfnetlink/Depends,)
 518   TITLE:=Netfilter QUEUE over NFNETLINK interface
 519   FILES:=$(LINUX_DIR)/net/netfilter/nfnetlink_queue.$(LINUX_KMOD_SUFFIX)
 520   KCONFIG:=CONFIG_NETFILTER_NETLINK_QUEUE
 521   AUTOLOAD:=$(call AutoLoad,48,nfnetlink_queue)
 522 endef
 523
 524 define KernelPackage/nfnetlink-queue/description
 525  Kernel modules support for queueing packets via NFNETLINK
 526 endef
 527
 528 $(eval $(call KernelPackage,nfnetlink-queue))
 529
 530
 531 define KernelPackage/nf-conntrack-netlink
 532 $(call KernelPackage/nfnetlink/Depends,+kmod-ipt-conntrack)
 533   TITLE:=Connection tracking netlink interface
 534   FILES:=$(LINUX_DIR)/net/netfilter/nf_conntrack_netlink.$(LINUX_KMOD_SUFFIX)
 535   KCONFIG:=CONFIG_NF_CT_NETLINK
 536   AUTOLOAD:=$(call AutoLoad,49,nf_conntrack_netlink)
 537 endef
 538
 539 define KernelPackage/nf-conntrack-netlink/description
 540  Kernel modules support for a netlink-based connection tracking
 541  userspace interface
 542 endef
 543
 544 $(eval $(call KernelPackage,nf-conntrack-netlink))