X-Git-Url: https://git.rohieb.name/openwrt.git/blobdiff_plain/ae57d8838ce086c44a95b54816191ed9e92545b2..1d1240855a20a954a108e5692182e9234a1a7f9a:/package/kernel/modules/netfilter.mk diff --git a/package/kernel/modules/netfilter.mk b/package/kernel/modules/netfilter.mk index 561286efd..713d8cbef 100644 --- a/package/kernel/modules/netfilter.mk +++ b/package/kernel/modules/netfilter.mk @@ -13,7 +13,10 @@ include $(INCLUDE_DIR)/netfilter.mk define KernelPackage/ipt-core SUBMENU:=$(NF_MENU) TITLE:=Netfilter core - KCONFIG:=$(KCONFIG_IPT_CORE) + KCONFIG:= \ + CONFIG_NETFILTER=y \ + CONFIG_NETFILTER_ADVANCED=y \ + $(KCONFIG_IPT_CORE) FILES:=$(foreach mod,$(IPT_CORE-m),$(LINUX_DIR)/net/$(mod).ko) AUTOLOAD:=$(call AutoLoad,40,$(notdir $(IPT_CORE-m))) endef @@ -21,7 +24,7 @@ endef define KernelPackage/ipt-core/description Netfilter core kernel modules Includes: - - comment (2.6) + - comment - limit - LOG - mac @@ -51,7 +54,7 @@ define KernelPackage/ipt-conntrack/description Netfilter (IPv4) kernel modules for connection tracking Includes: - conntrack - - defrag (2.6) + - defrag - iptables_raw - NOTRACK - state @@ -86,7 +89,7 @@ define KernelPackage/ipt-filter KCONFIG:=$(KCONFIG_IPT_FILTER) FILES:=$(foreach mod,$(IPT_FILTER-m),$(LINUX_DIR)/net/$(mod).ko) AUTOLOAD:=$(call AutoLoad,45,$(notdir $(IPT_FILTER-m))) - $(call AddDepends/ipt,+kmod-textsearch) + $(call AddDepends/ipt,+kmod-lib-textsearch) endef define KernelPackage/ipt-filter/description @@ -113,14 +116,12 @@ define KernelPackage/ipt-ipopt/description - CLASSIFY - dscp/DSCP - ecn/ECN - - hl/HL (2.6.30 and later) + - hl/HL - length - mark/MARK - - statistic (2.6) + - statistic - tcpmss - time - - tos/TOS (prior to 2.6.25) - - ttl/TTL (prior to 2.6.30) - unclean endef @@ -140,7 +141,7 @@ define KernelPackage/ipt-ipsec/description Includes: - ah - esp - - policy (2.6) + - policy endef $(eval $(call KernelPackage,ipt-ipsec)) @@ -174,7 +175,6 @@ endef define KernelPackage/ipt-nat-extra/description Netfilter (IPv4) kernel modules for extra NAT targets Includes: - - MIRROR (2.4) - NETMAP - REDIRECT endef @@ -206,7 +206,7 @@ define KernelPackage/ipt-nathelper-extra KCONFIG:=$(KCONFIG_IPT_NATHELPER_EXTRA) FILES:=$(foreach mod,$(IPT_NATHELPER_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko) AUTOLOAD:=$(call AutoLoad,45,$(notdir $(IPT_NATHELPER_EXTRA-m))) - $(call AddDepends/ipt,+kmod-ipt-nat +kmod-textsearch) + $(call AddDepends/ipt,+kmod-ipt-nat +kmod-lib-textsearch) endef define KernelPackage/ipt-nathelper-extra/description @@ -215,40 +215,16 @@ define KernelPackage/ipt-nathelper-extra/description - amanda - h323 - mms - - pptp (2.6) - - proto_gre (2.6) + - pptp + - proto_gre - rtsp - - sip (2.6) + - sip - snmp_basic endef $(eval $(call KernelPackage,ipt-nathelper-extra)) -define KernelPackage/ipt-imq - TITLE:=Intermediate Queueing support - KCONFIG:= \ - CONFIG_IMQ \ - CONFIG_IMQ_BEHAVIOR_BA=y \ - CONFIG_IMQ_NUM_DEVS=2 \ - CONFIG_NETFILTER_XT_TARGET_IMQ - FILES:= \ - $(LINUX_DIR)/drivers/net/imq.ko \ - $(foreach mod,$(IPT_IMQ-m),$(LINUX_DIR)/net/$(mod).ko) - AUTOLOAD:=$(call AutoLoad,46,$(notdir \ - imq \ - $(IPT_IMQ-m) \ - )) - $(call AddDepends/ipt) -endef - -define KernelPackage/ipt-imq/description - Kernel support for Intermediate Queueing devices -endef - -$(eval $(call KernelPackage,ipt-imq)) - - define KernelPackage/ipt-queue TITLE:=Module for user-space packet queueing KCONFIG:=$(KCONFIG_IPT_QUEUE) @@ -283,8 +259,41 @@ endef $(eval $(call KernelPackage,ipt-ulog)) +define KernelPackage/ipt-debug + TITLE:=Module for debugging/development + KCONFIG:=$(KCONFIG_IPT_DEBUG) + DEFAULT:=n + FILES:=$(foreach mod,$(IPT_DEBUG-m),$(LINUX_DIR)/net/$(mod).ko) + AUTOLOAD:=$(call AutoLoad,45,$(notdir $(IPT_DEBUG-m))) + $(call AddDepends/ipt) +endef + +define KernelPackage/ipt-debug/description + Netfilter modules for debugging/development of the firewall + Includes: + - TRACE +endef + +$(eval $(call KernelPackage,ipt-debug)) + + +define KernelPackage/ipt-led + TITLE:=Module to trigger a LED with a Netfilter rule + KCONFIG:=$(KCONFIG_IPT_LED) + FILES:=$(foreach mod,$(IPT_LED-m),$(LINUX_DIR)/net/$(mod).ko) + AUTOLOAD:=$(call AutoLoad,61,$(notdir $(IPT_LED-m))) + $(call AddDepends/ipt) +endef + +define KernelPackage/ipt-led/description + Netfilter target to trigger a LED when a network packet is matched. +endef + +$(eval $(call KernelPackage,ipt-led)) + define KernelPackage/ipt-tproxy TITLE:=Transparent proxying support + DEPENDS+=+IPV6:kmod-ipv6 KCONFIG:= \ CONFIG_NETFILTER_TPROXY \ CONFIG_NETFILTER_XT_MATCH_SOCKET \ @@ -292,7 +301,7 @@ define KernelPackage/ipt-tproxy FILES:= \ $(LINUX_DIR)/net/netfilter/nf_tproxy_core.ko \ $(foreach mod,$(IPT_TPROXY-m),$(LINUX_DIR)/net/$(mod).ko) - AUTOLOAD:=$(call AutoLoad,45,$(notdir nf_tproxy_core $(IPT_TPROXY-m))) + AUTOLOAD:=$(call AutoLoad,50,$(notdir nf_tproxy_core $(IPT_TPROXY-m))) $(call AddDepends/ipt) endef @@ -302,6 +311,41 @@ endef $(eval $(call KernelPackage,ipt-tproxy)) +define KernelPackage/ipt-tee + TITLE:=TEE support + KCONFIG:= \ + CONFIG_NETFILTER_XT_TARGET_TEE + FILES:= \ + $(LINUX_DIR)/net/netfilter/xt_TEE.ko \ + $(foreach mod,$(IPT_TEE-m),$(LINUX_DIR)/net/$(mod).ko) + AUTOLOAD:=$(call AutoLoad,45,$(notdir nf_tee $(IPT_TEE-m))) + $(call AddDepends/ipt) +endef + +define KernelPackage/ipt-tee/description + Kernel modules for TEE +endef + +$(eval $(call KernelPackage,ipt-tee)) + + +define KernelPackage/ipt-u32 + TITLE:=U32 support + KCONFIG:= \ + CONFIG_NETFILTER_XT_MATCH_U32 + FILES:= \ + $(LINUX_DIR)/net/netfilter/xt_u32.ko \ + $(foreach mod,$(IPT_U32-m),$(LINUX_DIR)/net/$(mod).ko) + AUTOLOAD:=$(call AutoLoad,45,$(notdir nf_tee $(IPT_U32-m))) + $(call AddDepends/ipt) +endef + +define KernelPackage/ipt-u32/description + Kernel modules for U32 +endef + +$(eval $(call KernelPackage,ipt-u32)) + define KernelPackage/ipt-iprange TITLE:=Module for matching ip ranges @@ -331,7 +375,6 @@ endef define KernelPackage/ipt-extra/description Other Netfilter (IPv4) kernel modules Includes: - - condition (2.4 only) - owner - physdev (if bridge support was enabled in kernel) - pkttype @@ -512,3 +555,18 @@ define KernelPackage/nf-conntrack-netlink/description endef $(eval $(call KernelPackage,nf-conntrack-netlink)) + +define KernelPackage/ipt-hashlimit + SUBMENU:=$(NF_MENU) + TITLE:=Netfilter hashlimit match + KCONFIG:=$(KCONFIG_IPT_HASHLIMIT) + FILES:=$(LINUX_DIR)/net/netfilter/xt_hashlimit.ko + AUTOLOAD:=$(call AutoLoad,50,xt_hashlimit) + $(call KernelPackage/ipt) +endef + +define KernelPackage/ipt-hashlimit/description + Kernel modules support for the hashlimit bucket match module +endef + +$(eval $(call KernelPackage,ipt-hashlimit))