projects / openwrt.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
hostapd: properly mark random data as ready if initialization succeeds without reasso...
[openwrt.git] / package / kernel / modules / netfilter.mk
1
2 #
3 # Copyright (C) 2006-2010 OpenWrt.org
4 #
5 # This is free software, licensed under the GNU General Public License v2.
6 # See /LICENSE for more information.
7 #
8
9 NF_MENU:=Netfilter Extensions
10 NF_KMOD:=1
11 include $(INCLUDE_DIR)/netfilter.mk
12
13 define KernelPackage/ipt-core
14 SUBMENU:=$(NF_MENU)
15 TITLE:=Netfilter core
16 KCONFIG:= \
17 CONFIG_NETFILTER=y \
18 CONFIG_NETFILTER_ADVANCED=y \
19 $(KCONFIG_IPT_CORE)
20 FILES:=$(foreach mod,$(IPT_CORE-m),$(LINUX_DIR)/net/$(mod).ko)
21 AUTOLOAD:=$(call AutoLoad,40,$(notdir $(IPT_CORE-m)))
22 endef
23
24 define KernelPackage/ipt-core/description
25 Netfilter core kernel modules
26 Includes:
27 - comment (2.6)
28 - limit
29 - LOG
30 - mac
31 - multiport
32 - REJECT
33 - TCPMSS
34 endef
35
36 $(eval $(call KernelPackage,ipt-core))
37
38
39 define AddDepends/ipt
40 SUBMENU:=$(NF_MENU)
41 DEPENDS+= kmod-ipt-core $(1)
42 endef
43
44
45 define KernelPackage/ipt-conntrack
46 TITLE:=Basic connection tracking modules
47 KCONFIG:=$(KCONFIG_IPT_CONNTRACK)
48 FILES:=$(foreach mod,$(IPT_CONNTRACK-m),$(LINUX_DIR)/net/$(mod).ko)
49 AUTOLOAD:=$(call AutoLoad,41,$(notdir $(IPT_CONNTRACK-m)))
50 $(call AddDepends/ipt)
51 endef
52
53 define KernelPackage/ipt-conntrack/description
54 Netfilter (IPv4) kernel modules for connection tracking
55 Includes:
56 - conntrack
57 - defrag (2.6)
58 - iptables_raw
59 - NOTRACK
60 - state
61 endef
62
63 $(eval $(call KernelPackage,ipt-conntrack))
64
65
66 define KernelPackage/ipt-conntrack-extra
67 TITLE:=Extra connection tracking modules
68 KCONFIG:=$(KCONFIG_IPT_CONNTRACK_EXTRA)
69 FILES:=$(foreach mod,$(IPT_CONNTRACK_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
70 AUTOLOAD:=$(call AutoLoad,42,$(notdir $(IPT_CONNTRACK_EXTRA-m)))
71 $(call AddDepends/ipt,+kmod-ipt-conntrack)
72 endef
73
74 define KernelPackage/ipt-conntrack-extra/description
75 Netfilter (IPv4) extra kernel modules for connection tracking
76 Includes:
77 - connbytes
78 - connmark/CONNMARK
79 - conntrack
80 - helper
81 - recent
82 endef
83
84 $(eval $(call KernelPackage,ipt-conntrack-extra))
85
86
87 define KernelPackage/ipt-filter
88 TITLE:=Modules for packet content inspection
89 KCONFIG:=$(KCONFIG_IPT_FILTER)
90 FILES:=$(foreach mod,$(IPT_FILTER-m),$(LINUX_DIR)/net/$(mod).ko)
91 AUTOLOAD:=$(call AutoLoad,45,$(notdir $(IPT_FILTER-m)))
92 $(call AddDepends/ipt,+kmod-textsearch)
93 endef
94
95 define KernelPackage/ipt-filter/description
96 Netfilter (IPv4) kernel modules for packet content inspection
97 Includes:
98 - layer7
99 - string
100 endef
101
102 $(eval $(call KernelPackage,ipt-filter))
103
104
105 define KernelPackage/ipt-ipopt
106 TITLE:=Modules for matching/changing IP packet options
107 KCONFIG:=$(KCONFIG_IPT_IPOPT)
108 FILES:=$(foreach mod,$(IPT_IPOPT-m),$(LINUX_DIR)/net/$(mod).ko)
109 AUTOLOAD:=$(call AutoLoad,45,$(notdir $(IPT_IPOPT-m)))
110 $(call AddDepends/ipt)
111 endef
112
113 define KernelPackage/ipt-ipopt/description
114 Netfilter (IPv4) modules for matching/changing IP packet options
115 Includes:
116 - CLASSIFY
117 - dscp/DSCP
118 - ecn/ECN
119 - hl/HL (2.6.30 and later)
120 - length
121 - mark/MARK
122 - statistic (2.6)
123 - tcpmss
124 - time
125 - tos/TOS (prior to 2.6.25)
126 - ttl/TTL (prior to 2.6.30)
127 - unclean
128 endef
129
130 $(eval $(call KernelPackage,ipt-ipopt))
131
132
133 define KernelPackage/ipt-ipsec
134 TITLE:=Modules for matching IPSec packets
135 KCONFIG:=$(KCONFIG_IPT_IPSEC)
136 FILES:=$(foreach mod,$(IPT_IPSEC-m),$(LINUX_DIR)/net/$(mod).ko)
137 AUTOLOAD:=$(call AutoLoad,45,$(notdir $(IPT_IPSEC-m)))
138 $(call AddDepends/ipt)
139 endef
140
141 define KernelPackage/ipt-ipsec/description
142 Netfilter (IPv4) modules for matching IPSec packets
143 Includes:
144 - ah
145 - esp
146 - policy (2.6)
147 endef
148
149 $(eval $(call KernelPackage,ipt-ipsec))
150
151
152 define KernelPackage/ipt-nat
153 TITLE:=Basic NAT targets
154 KCONFIG:=$(KCONFIG_IPT_NAT)
155 FILES:=$(foreach mod,$(IPT_NAT-m),$(LINUX_DIR)/net/$(mod).ko)
156 AUTOLOAD:=$(call AutoLoad,42,$(notdir $(IPT_NAT-m)))
157 $(call AddDepends/ipt,+kmod-ipt-conntrack)
158 endef
159
160 define KernelPackage/ipt-nat/description
161 Netfilter (IPv4) kernel modules for basic NAT targets
162 Includes:
163 - MASQUERADE
164 endef
165
166 $(eval $(call KernelPackage,ipt-nat))
167
168
169 define KernelPackage/ipt-nat-extra
170 TITLE:=Extra NAT targets
171 KCONFIG:=$(KCONFIG_IPT_NAT_EXTRA)
172 FILES:=$(foreach mod,$(IPT_NAT_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
173 AUTOLOAD:=$(call AutoLoad,43,$(notdir $(IPT_NAT_EXTRA-m)))
174 $(call AddDepends/ipt,+kmod-ipt-nat)
175 endef
176
177 define KernelPackage/ipt-nat-extra/description
178 Netfilter (IPv4) kernel modules for extra NAT targets
179 Includes:
180 - MIRROR (2.4)
181 - NETMAP
182 - REDIRECT
183 endef
184
185 $(eval $(call KernelPackage,ipt-nat-extra))
186
187
188 define KernelPackage/ipt-nathelper
189 TITLE:=Basic Conntrack and NAT helpers
190 KCONFIG:=$(KCONFIG_IPT_NATHELPER)
191 FILES:=$(foreach mod,$(IPT_NATHELPER-m),$(LINUX_DIR)/net/$(mod).ko)
192 AUTOLOAD:=$(call AutoLoad,45,$(notdir $(IPT_NATHELPER-m)))
193 $(call AddDepends/ipt,+kmod-ipt-nat)
194 endef
195
196 define KernelPackage/ipt-nathelper/description
197 Default Netfilter (IPv4) Conntrack and NAT helpers
198 Includes:
199 - ftp
200 - irc
201 - tftp
202 endef
203
204 $(eval $(call KernelPackage,ipt-nathelper))
205
206
207 define KernelPackage/ipt-nathelper-extra
208 TITLE:=Extra Conntrack and NAT helpers
209 KCONFIG:=$(KCONFIG_IPT_NATHELPER_EXTRA)
210 FILES:=$(foreach mod,$(IPT_NATHELPER_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
211 AUTOLOAD:=$(call AutoLoad,45,$(notdir $(IPT_NATHELPER_EXTRA-m)))
212 $(call AddDepends/ipt,+kmod-ipt-nat +kmod-textsearch)
213 endef
214
215 define KernelPackage/ipt-nathelper-extra/description
216 Extra Netfilter (IPv4) Conntrack and NAT helpers
217 Includes:
218 - amanda
219 - h323
220 - mms
221 - pptp (2.6)
222 - proto_gre (2.6)
223 - rtsp
224 - sip (2.6)
225 - snmp_basic
226 endef
227
228 $(eval $(call KernelPackage,ipt-nathelper-extra))
229
230
231 define KernelPackage/ipt-queue
232 TITLE:=Module for user-space packet queueing
233 KCONFIG:=$(KCONFIG_IPT_QUEUE)
234 FILES:=$(foreach mod,$(IPT_QUEUE-m),$(LINUX_DIR)/net/$(mod).ko)
235 AUTOLOAD:=$(call AutoLoad,45,$(notdir $(IPT_QUEUE-m)))
236 $(call AddDepends/ipt)
237 endef
238
239 define KernelPackage/ipt-queue/description
240 Netfilter (IPv4) module for user-space packet queueing
241 Includes:
242 - QUEUE
243 endef
244
245 $(eval $(call KernelPackage,ipt-queue))
246
247
248 define KernelPackage/ipt-ulog
249 TITLE:=Module for user-space packet logging
250 KCONFIG:=$(KCONFIG_IPT_ULOG)
251 FILES:=$(foreach mod,$(IPT_ULOG-m),$(LINUX_DIR)/net/$(mod).ko)
252 AUTOLOAD:=$(call AutoLoad,45,$(notdir $(IPT_ULOG-m)))
253 $(call AddDepends/ipt)
254 endef
255
256 define KernelPackage/ipt-ulog/description
257 Netfilter (IPv4) module for user-space packet logging
258 Includes:
259 - ULOG
260 endef
261
262 $(eval $(call KernelPackage,ipt-ulog))
263
264
265 define KernelPackage/ipt-debug
266 TITLE:=Module for debugging/development
267 KCONFIG:=$(KCONFIG_IPT_DEBUG)
268 DEFAULT:=n
269 FILES:=$(foreach mod,$(IPT_DEBUG-m),$(LINUX_DIR)/net/$(mod).ko)
270 AUTOLOAD:=$(call AutoLoad,45,$(notdir $(IPT_DEBUG-m)))
271 $(call AddDepends/ipt)
272 endef
273
274 define KernelPackage/ipt-debug/description
275 Netfilter modules for debugging/development of the firewall
276 Includes:
277 - TRACE
278 endef
279
280 $(eval $(call KernelPackage,ipt-debug))
281
282
283 define KernelPackage/ipt-led
284 TITLE:=Module to trigger a LED with a Netfilter rule
285 KCONFIG:=$(KCONFIG_IPT_LED)
286 FILES:=$(foreach mod,$(IPT_LED-m),$(LINUX_DIR)/net/$(mod).$(LINUX_KMOD_SUFFIX))
287 AUTOLOAD:=$(call AutoLoad,61,$(notdir $(IPT_LED-m)))
288 $(call AddDepends/ipt)
289 endef
290
291 define KernelPackage/ipt-led/description
292 Netfilter target to trigger a LED when a network packet is matched.
293 endef
294
295 $(eval $(call KernelPackage,ipt-led))
296
297 define KernelPackage/ipt-tproxy
298 TITLE:=Transparent proxying support
299 DEPENDS+=+IPV6:kmod-ipv6
300 KCONFIG:= \
301 CONFIG_NETFILTER_TPROXY \
302 CONFIG_NETFILTER_XT_MATCH_SOCKET \
303 CONFIG_NETFILTER_XT_TARGET_TPROXY
304 FILES:= \
305 $(LINUX_DIR)/net/netfilter/nf_tproxy_core.ko \
306 $(foreach mod,$(IPT_TPROXY-m),$(LINUX_DIR)/net/$(mod).ko)
307 AUTOLOAD:=$(call AutoLoad,50,$(notdir nf_tproxy_core $(IPT_TPROXY-m)))
308 $(call AddDepends/ipt)
309 endef
310
311 define KernelPackage/ipt-tproxy/description
312 Kernel modules for Transparent Proxying
313 endef
314
315 $(eval $(call KernelPackage,ipt-tproxy))
316
317
318 define KernelPackage/ipt-iprange
319 TITLE:=Module for matching ip ranges
320 KCONFIG:=$(KCONFIG_IPT_IPRANGE)
321 FILES:=$(foreach mod,$(IPT_IPRANGE-m),$(LINUX_DIR)/net/$(mod).ko)
322 AUTOLOAD:=$(call AutoLoad,45,$(notdir $(IPT_IPRANGE-m)))
323 $(call AddDepends/ipt)
324 endef
325
326 define KernelPackage/ipt-iprange/description
327 Netfilter (IPv4) module for matching ip ranges
328 Includes:
329 - iprange
330 endef
331
332 $(eval $(call KernelPackage,ipt-iprange))
333
334
335 define KernelPackage/ipt-extra
336 TITLE:=Extra modules
337 KCONFIG:=$(KCONFIG_IPT_EXTRA)
338 FILES:=$(foreach mod,$(IPT_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
339 AUTOLOAD:=$(call AutoLoad,45,$(notdir $(IPT_EXTRA-m)))
340 $(call AddDepends/ipt)
341 endef
342
343 define KernelPackage/ipt-extra/description
344 Other Netfilter (IPv4) kernel modules
345 Includes:
346 - condition (2.4 only)
347 - owner
348 - physdev (if bridge support was enabled in kernel)
349 - pkttype
350 - quota
351 endef
352
353 $(eval $(call KernelPackage,ipt-extra))
354
355
356 define KernelPackage/ip6tables
357 SUBMENU:=$(NF_MENU)
358 TITLE:=IPv6 modules
359 DEPENDS:=+kmod-ipv6
360 KCONFIG:=$(KCONFIG_IPT_IPV6)
361 FILES:=$(foreach mod,$(IPT_IPV6-m),$(LINUX_DIR)/net/$(mod).ko)
362 AUTOLOAD:=$(call AutoLoad,49,$(notdir $(IPT_IPV6-m)))
363 endef
364
365 define KernelPackage/ip6tables/description
366 Netfilter IPv6 firewalling support
367 endef
368
369 $(eval $(call KernelPackage,ip6tables))
370
371
372 define KernelPackage/arptables
373 SUBMENU:=$(NF_MENU)
374 TITLE:=ARP firewalling modules
375 FILES:=$(LINUX_DIR)/net/ipv4/netfilter/arp*.ko
376 KCONFIG:=CONFIG_IP_NF_ARPTABLES \
377 CONFIG_IP_NF_ARPFILTER \
378 CONFIG_IP_NF_ARP_MANGLE
379 AUTOLOAD:=$(call AutoLoad,49,$(notdir $(patsubst %.ko,%,$(wildcard $(LINUX_DIR)/net/ipv4/netfilter/arp*.ko))))
380 endef
381
382 define KernelPackage/arptables/description
383 Kernel modules for ARP firewalling
384 endef
385
386 $(eval $(call KernelPackage,arptables))
387
388
389 define KernelPackage/ebtables
390 SUBMENU:=$(NF_MENU)
391 TITLE:=Bridge firewalling modules
392 FILES:=$(foreach mod,$(EBTABLES-m),$(LINUX_DIR)/net/$(mod).ko)
393 KCONFIG:=CONFIG_BRIDGE_NETFILTER=y \
394 $(KCONFIG_EBTABLES)
395 AUTOLOAD:=$(call AutoLoad,49,$(notdir $(EBTABLES-m)))
396 endef
397
398 define KernelPackage/ebtables/description
399 ebtables is a general, extensible frame/packet identification
400 framework. It provides you to do Ethernet
401 filtering/NAT/brouting on the Ethernet bridge.
402 endef
403
404 $(eval $(call KernelPackage,ebtables))
405
406
407 define AddDepends/ebtables
408 SUBMENU:=$(NF_MENU)
409 DEPENDS+=kmod-ebtables $(1)
410 endef
411
412
413 define KernelPackage/ebtables-ipv4
414 TITLE:=ebtables: IPv4 support
415 FILES:=$(foreach mod,$(EBTABLES_IP4-m),$(LINUX_DIR)/net/$(mod).ko)
416 KCONFIG:=$(KCONFIG_EBTABLES_IP4)
417 AUTOLOAD:=$(call AutoLoad,49,$(notdir $(EBTABLES_IP4-m)))
418 $(call AddDepends/ebtables)
419 endef
420
421 define KernelPackage/ebtables-ipv4/description
422 This option adds the IPv4 support to ebtables, which allows basic
423 IPv4 header field filtering, ARP filtering as well as SNAT, DNAT targets.
424 endef
425
426 $(eval $(call KernelPackage,ebtables-ipv4))
427
428
429 define KernelPackage/ebtables-ipv6
430 TITLE:=ebtables: IPv6 support
431 FILES:=$(foreach mod,$(EBTABLES_IP6-m),$(LINUX_DIR)/net/$(mod).ko)
432 KCONFIG:=$(KCONFIG_EBTABLES_IP6)
433 AUTOLOAD:=$(call AutoLoad,49,$(notdir $(EBTABLES_IP6-m)))
434 $(call AddDepends/ebtables)
435 endef
436
437 define KernelPackage/ebtables-ipv6/description
438 This option adds the IPv6 support to ebtables, which allows basic
439 IPv6 header field filtering and target support.
440 endef
441
442 $(eval $(call KernelPackage,ebtables-ipv6))
443
444
445 define KernelPackage/ebtables-watchers
446 TITLE:=ebtables: watchers support
447 FILES:=$(foreach mod,$(EBTABLES_WATCHERS-m),$(LINUX_DIR)/net/$(mod).ko)
448 KCONFIG:=$(KCONFIG_EBTABLES_WATCHERS)
449 AUTOLOAD:=$(call AutoLoad,49,$(notdir $(EBTABLES_WATCHERS-m)))
450 $(call AddDepends/ebtables)
451 endef
452
453 define KernelPackage/ebtables-watchers/description
454 This option adds the log watchers, that you can use in any rule
455 in any ebtables table.
456 endef
457
458 $(eval $(call KernelPackage,ebtables-watchers))
459
460
461 define KernelPackage/nfnetlink
462 SUBMENU:=$(NF_MENU)
463 TITLE:=Netlink-based userspace interface
464 DEPENDS:=+kmod-ipt-core
465 FILES:=$(LINUX_DIR)/net/netfilter/nfnetlink.ko
466 KCONFIG:=CONFIG_NETFILTER_NETLINK
467 AUTOLOAD:=$(call AutoLoad,48,nfnetlink)
468 endef
469
470 define KernelPackage/nfnetlink/description
471 Kernel modules support for a netlink-based userspace interface
472 endef
473
474 $(eval $(call KernelPackage,nfnetlink))
475
476
477 define AddDepends/nfnetlink
478 SUBMENU:=$(NF_MENU)
479 DEPENDS+=+kmod-nfnetlink $(1)
480 endef
481
482
483 define KernelPackage/nfnetlink-log
484 TITLE:=Netfilter LOG over NFNETLINK interface
485 FILES:=$(LINUX_DIR)/net/netfilter/nfnetlink_log.ko
486 KCONFIG:=CONFIG_NETFILTER_NETLINK_LOG
487 AUTOLOAD:=$(call AutoLoad,48,nfnetlink_log)
488 $(call AddDepends/nfnetlink)
489 endef
490
491 define KernelPackage/nfnetlink-log/description
492 Kernel modules support for logging packets via NFNETLINK
493 endef
494
495 $(eval $(call KernelPackage,nfnetlink-log))
496
497
498 define KernelPackage/nfnetlink-queue
499 TITLE:=Netfilter QUEUE over NFNETLINK interface
500 FILES:=$(LINUX_DIR)/net/netfilter/nfnetlink_queue.ko
501 KCONFIG:=CONFIG_NETFILTER_NETLINK_QUEUE
502 AUTOLOAD:=$(call AutoLoad,48,nfnetlink_queue)
503 $(call AddDepends/nfnetlink)
504 endef
505
506 define KernelPackage/nfnetlink-queue/description
507 Kernel modules support for queueing packets via NFNETLINK
508 endef
509
510 $(eval $(call KernelPackage,nfnetlink-queue))
511
512
513 define KernelPackage/nf-conntrack-netlink
514 TITLE:=Connection tracking netlink interface
515 FILES:=$(LINUX_DIR)/net/netfilter/nf_conntrack_netlink.ko
516 KCONFIG:=CONFIG_NF_CT_NETLINK
517 AUTOLOAD:=$(call AutoLoad,49,nf_conntrack_netlink)
518 $(call AddDepends/nfnetlink,+kmod-ipt-conntrack)
519 endef
520
521 define KernelPackage/nf-conntrack-netlink/description
522 Kernel modules support for a netlink-based connection tracking
523 userspace interface
524 endef
525
526 $(eval $(call KernelPackage,nf-conntrack-netlink))
527
528 define KernelPackage/ipt-hashlimit
529 SUBMENU:=$(NF_MENU)
530 TITLE:=Netfilter hashlimit match
531 KCONFIG:=$(KCONFIG_IPT_HASHLIMIT)
532 FILES:=$(LINUX_DIR)/net/netfilter/xt_hashlimit.ko
533 AUTOLOAD:=$(call AutoLoad,50,xt_hashlimit)
534 $(call KernelPackage/ipt)
535 endef
536
537 define KernelPackage/ipt-hashlimit/description
538 Kernel modules support for the hashlimit bucket match module
539 endef
540
541 $(eval $(call KernelPackage,ipt-hashlimit))
Personal OpenWRT clone
This page took 0.075152 seconds and 5 git commands to generate.