source: trunk/package/kernel/modules/netfilter.mk @ 26977

Last change on this file since 26977 was 26977, checked in by jow, 5 years ago

[netfilter] package u32 match and TEE target, patches by Maxim Uvarov

  • Property svn:eol-style set to native
File size: 14.2 KB
Line 
1
2#
3# Copyright (C) 2006-2010 OpenWrt.org
4#
5# This is free software, licensed under the GNU General Public License v2.
6# See /LICENSE for more information.
7#
8
9NF_MENU:=Netfilter Extensions
10NF_KMOD:=1
11include $(INCLUDE_DIR)/netfilter.mk
12
13define KernelPackage/ipt-core
14  SUBMENU:=$(NF_MENU)
15  TITLE:=Netfilter core
16  KCONFIG:= \
17        CONFIG_NETFILTER=y \
18        CONFIG_NETFILTER_ADVANCED=y \
19        $(KCONFIG_IPT_CORE)
20  FILES:=$(foreach mod,$(IPT_CORE-m),$(LINUX_DIR)/net/$(mod).ko)
21  AUTOLOAD:=$(call AutoLoad,40,$(notdir $(IPT_CORE-m)))
22endef
23
24define KernelPackage/ipt-core/description
25 Netfilter core kernel modules
26 Includes:
27 - comment
28 - limit
29 - LOG
30 - mac
31 - multiport
32 - REJECT
33 - TCPMSS
34endef
35
36$(eval $(call KernelPackage,ipt-core))
37
38
39define AddDepends/ipt
40  SUBMENU:=$(NF_MENU)
41  DEPENDS+= kmod-ipt-core $(1)
42endef
43
44
45define KernelPackage/ipt-conntrack
46  TITLE:=Basic connection tracking modules
47  KCONFIG:=$(KCONFIG_IPT_CONNTRACK)
48  FILES:=$(foreach mod,$(IPT_CONNTRACK-m),$(LINUX_DIR)/net/$(mod).ko)
49  AUTOLOAD:=$(call AutoLoad,41,$(notdir $(IPT_CONNTRACK-m)))
50  $(call AddDepends/ipt)
51endef
52
53define KernelPackage/ipt-conntrack/description
54 Netfilter (IPv4) kernel modules for connection tracking
55 Includes:
56 - conntrack
57 - defrag
58 - iptables_raw
59 - NOTRACK
60 - state
61endef
62
63$(eval $(call KernelPackage,ipt-conntrack))
64
65
66define KernelPackage/ipt-conntrack-extra
67  TITLE:=Extra connection tracking modules
68  KCONFIG:=$(KCONFIG_IPT_CONNTRACK_EXTRA)
69  FILES:=$(foreach mod,$(IPT_CONNTRACK_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
70  AUTOLOAD:=$(call AutoLoad,42,$(notdir $(IPT_CONNTRACK_EXTRA-m)))
71  $(call AddDepends/ipt,+kmod-ipt-conntrack)
72endef
73
74define KernelPackage/ipt-conntrack-extra/description
75 Netfilter (IPv4) extra kernel modules for connection tracking
76 Includes:
77 - connbytes
78 - connmark/CONNMARK
79 - conntrack
80 - helper
81 - recent
82endef
83
84$(eval $(call KernelPackage,ipt-conntrack-extra))
85
86
87define KernelPackage/ipt-filter
88  TITLE:=Modules for packet content inspection
89  KCONFIG:=$(KCONFIG_IPT_FILTER)
90  FILES:=$(foreach mod,$(IPT_FILTER-m),$(LINUX_DIR)/net/$(mod).ko)
91  AUTOLOAD:=$(call AutoLoad,45,$(notdir $(IPT_FILTER-m)))
92  $(call AddDepends/ipt,+kmod-textsearch)
93endef
94
95define KernelPackage/ipt-filter/description
96 Netfilter (IPv4) kernel modules for packet content inspection
97 Includes:
98 - layer7
99 - string
100endef
101
102$(eval $(call KernelPackage,ipt-filter))
103
104
105define KernelPackage/ipt-ipopt
106  TITLE:=Modules for matching/changing IP packet options
107  KCONFIG:=$(KCONFIG_IPT_IPOPT)
108  FILES:=$(foreach mod,$(IPT_IPOPT-m),$(LINUX_DIR)/net/$(mod).ko)
109  AUTOLOAD:=$(call AutoLoad,45,$(notdir $(IPT_IPOPT-m)))
110  $(call AddDepends/ipt)
111endef
112
113define KernelPackage/ipt-ipopt/description
114 Netfilter (IPv4) modules for matching/changing IP packet options
115 Includes:
116 - CLASSIFY
117 - dscp/DSCP
118 - ecn/ECN
119 - hl/HL
120 - length
121 - mark/MARK
122 - statistic
123 - tcpmss
124 - time
125 - unclean
126endef
127
128$(eval $(call KernelPackage,ipt-ipopt))
129
130
131define KernelPackage/ipt-ipsec
132  TITLE:=Modules for matching IPSec packets
133  KCONFIG:=$(KCONFIG_IPT_IPSEC)
134  FILES:=$(foreach mod,$(IPT_IPSEC-m),$(LINUX_DIR)/net/$(mod).ko)
135  AUTOLOAD:=$(call AutoLoad,45,$(notdir $(IPT_IPSEC-m)))
136  $(call AddDepends/ipt)
137endef
138
139define KernelPackage/ipt-ipsec/description
140 Netfilter (IPv4) modules for matching IPSec packets
141 Includes:
142 - ah
143 - esp
144 - policy
145endef
146
147$(eval $(call KernelPackage,ipt-ipsec))
148
149
150define KernelPackage/ipt-nat
151  TITLE:=Basic NAT targets
152  KCONFIG:=$(KCONFIG_IPT_NAT)
153  FILES:=$(foreach mod,$(IPT_NAT-m),$(LINUX_DIR)/net/$(mod).ko)
154  AUTOLOAD:=$(call AutoLoad,42,$(notdir $(IPT_NAT-m)))
155  $(call AddDepends/ipt,+kmod-ipt-conntrack)
156endef
157
158define KernelPackage/ipt-nat/description
159 Netfilter (IPv4) kernel modules for basic NAT targets
160 Includes:
161 - MASQUERADE
162endef
163
164$(eval $(call KernelPackage,ipt-nat))
165
166
167define KernelPackage/ipt-nat-extra
168  TITLE:=Extra NAT targets
169  KCONFIG:=$(KCONFIG_IPT_NAT_EXTRA)
170  FILES:=$(foreach mod,$(IPT_NAT_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
171  AUTOLOAD:=$(call AutoLoad,43,$(notdir $(IPT_NAT_EXTRA-m)))
172  $(call AddDepends/ipt,+kmod-ipt-nat)
173endef
174
175define KernelPackage/ipt-nat-extra/description
176 Netfilter (IPv4) kernel modules for extra NAT targets
177 Includes:
178 - NETMAP
179 - REDIRECT
180endef
181
182$(eval $(call KernelPackage,ipt-nat-extra))
183
184
185define KernelPackage/ipt-nathelper
186  TITLE:=Basic Conntrack and NAT helpers
187  KCONFIG:=$(KCONFIG_IPT_NATHELPER)
188  FILES:=$(foreach mod,$(IPT_NATHELPER-m),$(LINUX_DIR)/net/$(mod).ko)
189  AUTOLOAD:=$(call AutoLoad,45,$(notdir $(IPT_NATHELPER-m)))
190  $(call AddDepends/ipt,+kmod-ipt-nat)
191endef
192
193define KernelPackage/ipt-nathelper/description
194 Default Netfilter (IPv4) Conntrack and NAT helpers
195 Includes:
196 - ftp
197 - irc
198 - tftp
199endef
200
201$(eval $(call KernelPackage,ipt-nathelper))
202
203
204define KernelPackage/ipt-nathelper-extra
205  TITLE:=Extra Conntrack and NAT helpers
206  KCONFIG:=$(KCONFIG_IPT_NATHELPER_EXTRA)
207  FILES:=$(foreach mod,$(IPT_NATHELPER_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
208  AUTOLOAD:=$(call AutoLoad,45,$(notdir $(IPT_NATHELPER_EXTRA-m)))
209  $(call AddDepends/ipt,+kmod-ipt-nat +kmod-textsearch)
210endef
211
212define KernelPackage/ipt-nathelper-extra/description
213 Extra Netfilter (IPv4) Conntrack and NAT helpers
214 Includes:
215 - amanda
216 - h323
217 - mms
218 - pptp
219 - proto_gre
220 - rtsp
221 - sip
222 - snmp_basic
223endef
224
225$(eval $(call KernelPackage,ipt-nathelper-extra))
226
227
228define KernelPackage/ipt-queue
229  TITLE:=Module for user-space packet queueing
230  KCONFIG:=$(KCONFIG_IPT_QUEUE)
231  FILES:=$(foreach mod,$(IPT_QUEUE-m),$(LINUX_DIR)/net/$(mod).ko)
232  AUTOLOAD:=$(call AutoLoad,45,$(notdir $(IPT_QUEUE-m)))
233  $(call AddDepends/ipt)
234endef
235
236define KernelPackage/ipt-queue/description
237 Netfilter (IPv4) module for user-space packet queueing
238 Includes:
239 - QUEUE
240endef
241
242$(eval $(call KernelPackage,ipt-queue))
243
244
245define KernelPackage/ipt-ulog
246  TITLE:=Module for user-space packet logging
247  KCONFIG:=$(KCONFIG_IPT_ULOG)
248  FILES:=$(foreach mod,$(IPT_ULOG-m),$(LINUX_DIR)/net/$(mod).ko)
249  AUTOLOAD:=$(call AutoLoad,45,$(notdir $(IPT_ULOG-m)))
250  $(call AddDepends/ipt)
251endef
252
253define KernelPackage/ipt-ulog/description
254 Netfilter (IPv4) module for user-space packet logging
255 Includes:
256 - ULOG
257endef
258
259$(eval $(call KernelPackage,ipt-ulog))
260
261
262define KernelPackage/ipt-debug
263  TITLE:=Module for debugging/development
264  KCONFIG:=$(KCONFIG_IPT_DEBUG)
265  DEFAULT:=n
266  FILES:=$(foreach mod,$(IPT_DEBUG-m),$(LINUX_DIR)/net/$(mod).ko)
267  AUTOLOAD:=$(call AutoLoad,45,$(notdir $(IPT_DEBUG-m)))
268  $(call AddDepends/ipt)
269endef
270
271define KernelPackage/ipt-debug/description
272 Netfilter modules for debugging/development of the firewall
273 Includes:
274 - TRACE
275endef
276
277$(eval $(call KernelPackage,ipt-debug))
278
279
280define KernelPackage/ipt-led
281  TITLE:=Module to trigger a LED with a Netfilter rule
282  KCONFIG:=$(KCONFIG_IPT_LED)
283  FILES:=$(foreach mod,$(IPT_LED-m),$(LINUX_DIR)/net/$(mod).ko)
284  AUTOLOAD:=$(call AutoLoad,61,$(notdir $(IPT_LED-m)))
285  $(call AddDepends/ipt)
286endef
287
288define KernelPackage/ipt-led/description
289 Netfilter target to trigger a LED when a network packet is matched.
290endef
291
292$(eval $(call KernelPackage,ipt-led))
293
294define KernelPackage/ipt-tproxy
295  TITLE:=Transparent proxying support
296  DEPENDS+=+IPV6:kmod-ipv6
297  KCONFIG:= \
298        CONFIG_NETFILTER_TPROXY \
299        CONFIG_NETFILTER_XT_MATCH_SOCKET \
300        CONFIG_NETFILTER_XT_TARGET_TPROXY
301  FILES:= \
302        $(LINUX_DIR)/net/netfilter/nf_tproxy_core.ko \
303        $(foreach mod,$(IPT_TPROXY-m),$(LINUX_DIR)/net/$(mod).ko)
304  AUTOLOAD:=$(call AutoLoad,50,$(notdir nf_tproxy_core $(IPT_TPROXY-m)))
305  $(call AddDepends/ipt)
306endef
307
308define KernelPackage/ipt-tproxy/description
309  Kernel modules for Transparent Proxying
310endef
311
312$(eval $(call KernelPackage,ipt-tproxy))
313
314define KernelPackage/ipt-tee
315  TITLE:=TEE support
316  KCONFIG:= \
317        CONFIG_NETFILTER_XT_TARGET_TEE
318  FILES:= \
319        $(LINUX_DIR)/net/netfilter/xt_TEE.ko \
320        $(foreach mod,$(IPT_TEE-m),$(LINUX_DIR)/net/$(mod).ko)
321  AUTOLOAD:=$(call AutoLoad,45,$(notdir nf_tee $(IPT_TEE-m)))
322  $(call AddDepends/ipt)
323endef
324
325define KernelPackage/ipt-tee/description
326  Kernel modules for TEE
327endef
328
329$(eval $(call KernelPackage,ipt-tee))
330
331
332define KernelPackage/ipt-u32
333  TITLE:=U32 support
334  KCONFIG:= \
335        CONFIG_NETFILTER_XT_MATCH_U32
336  FILES:= \
337        $(LINUX_DIR)/net/netfilter/xt_u32.ko \
338        $(foreach mod,$(IPT_U32-m),$(LINUX_DIR)/net/$(mod).ko)
339  AUTOLOAD:=$(call AutoLoad,45,$(notdir nf_tee $(IPT_U32-m)))
340  $(call AddDepends/ipt)
341endef
342
343define KernelPackage/ipt-u32/description
344  Kernel modules for U32
345endef
346
347$(eval $(call KernelPackage,ipt-u32))
348
349
350define KernelPackage/ipt-iprange
351  TITLE:=Module for matching ip ranges
352  KCONFIG:=$(KCONFIG_IPT_IPRANGE)
353  FILES:=$(foreach mod,$(IPT_IPRANGE-m),$(LINUX_DIR)/net/$(mod).ko)
354  AUTOLOAD:=$(call AutoLoad,45,$(notdir $(IPT_IPRANGE-m)))
355  $(call AddDepends/ipt)
356endef
357
358define KernelPackage/ipt-iprange/description
359 Netfilter (IPv4) module for matching ip ranges
360 Includes:
361 - iprange
362endef
363
364$(eval $(call KernelPackage,ipt-iprange))
365
366
367define KernelPackage/ipt-extra
368  TITLE:=Extra modules
369  KCONFIG:=$(KCONFIG_IPT_EXTRA)
370  FILES:=$(foreach mod,$(IPT_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
371  AUTOLOAD:=$(call AutoLoad,45,$(notdir $(IPT_EXTRA-m)))
372  $(call AddDepends/ipt)
373endef
374
375define KernelPackage/ipt-extra/description
376 Other Netfilter (IPv4) kernel modules
377 Includes:
378 - owner
379 - physdev (if bridge support was enabled in kernel)
380 - pkttype
381 - quota
382endef
383
384$(eval $(call KernelPackage,ipt-extra))
385
386
387define KernelPackage/ip6tables
388  SUBMENU:=$(NF_MENU)
389  TITLE:=IPv6 modules
390  DEPENDS:=+kmod-ipv6
391  KCONFIG:=$(KCONFIG_IPT_IPV6)
392  FILES:=$(foreach mod,$(IPT_IPV6-m),$(LINUX_DIR)/net/$(mod).ko)
393  AUTOLOAD:=$(call AutoLoad,49,$(notdir $(IPT_IPV6-m)))
394endef
395
396define KernelPackage/ip6tables/description
397 Netfilter IPv6 firewalling support
398endef
399
400$(eval $(call KernelPackage,ip6tables))
401
402
403define KernelPackage/arptables
404  SUBMENU:=$(NF_MENU)
405  TITLE:=ARP firewalling modules
406  FILES:=$(LINUX_DIR)/net/ipv4/netfilter/arp*.ko
407  KCONFIG:=CONFIG_IP_NF_ARPTABLES \
408    CONFIG_IP_NF_ARPFILTER \
409    CONFIG_IP_NF_ARP_MANGLE
410  AUTOLOAD:=$(call AutoLoad,49,$(notdir $(patsubst %.ko,%,$(wildcard $(LINUX_DIR)/net/ipv4/netfilter/arp*.ko))))
411endef
412
413define KernelPackage/arptables/description
414 Kernel modules for ARP firewalling
415endef
416
417$(eval $(call KernelPackage,arptables))
418
419
420define KernelPackage/ebtables
421  SUBMENU:=$(NF_MENU)
422  TITLE:=Bridge firewalling modules
423  FILES:=$(foreach mod,$(EBTABLES-m),$(LINUX_DIR)/net/$(mod).ko)
424  KCONFIG:=CONFIG_BRIDGE_NETFILTER=y \
425        $(KCONFIG_EBTABLES)
426  AUTOLOAD:=$(call AutoLoad,49,$(notdir $(EBTABLES-m)))
427endef
428
429define KernelPackage/ebtables/description
430  ebtables is a general, extensible frame/packet identification
431  framework. It provides you to do Ethernet
432  filtering/NAT/brouting on the Ethernet bridge.
433endef
434
435$(eval $(call KernelPackage,ebtables))
436
437
438define AddDepends/ebtables
439  SUBMENU:=$(NF_MENU)
440  DEPENDS+=kmod-ebtables $(1)
441endef
442
443
444define KernelPackage/ebtables-ipv4
445  TITLE:=ebtables: IPv4 support
446  FILES:=$(foreach mod,$(EBTABLES_IP4-m),$(LINUX_DIR)/net/$(mod).ko)
447  KCONFIG:=$(KCONFIG_EBTABLES_IP4)
448  AUTOLOAD:=$(call AutoLoad,49,$(notdir $(EBTABLES_IP4-m)))
449  $(call AddDepends/ebtables)
450endef
451
452define KernelPackage/ebtables-ipv4/description
453 This option adds the IPv4 support to ebtables, which allows basic
454 IPv4 header field filtering, ARP filtering as well as SNAT, DNAT targets.
455endef
456
457$(eval $(call KernelPackage,ebtables-ipv4))
458
459
460define KernelPackage/ebtables-ipv6
461  TITLE:=ebtables: IPv6 support
462  FILES:=$(foreach mod,$(EBTABLES_IP6-m),$(LINUX_DIR)/net/$(mod).ko)
463  KCONFIG:=$(KCONFIG_EBTABLES_IP6)
464  AUTOLOAD:=$(call AutoLoad,49,$(notdir $(EBTABLES_IP6-m)))
465  $(call AddDepends/ebtables)
466endef
467
468define KernelPackage/ebtables-ipv6/description
469 This option adds the IPv6 support to ebtables, which allows basic
470 IPv6 header field filtering and target support.
471endef
472
473$(eval $(call KernelPackage,ebtables-ipv6))
474
475
476define KernelPackage/ebtables-watchers
477  TITLE:=ebtables: watchers support
478  FILES:=$(foreach mod,$(EBTABLES_WATCHERS-m),$(LINUX_DIR)/net/$(mod).ko)
479  KCONFIG:=$(KCONFIG_EBTABLES_WATCHERS)
480  AUTOLOAD:=$(call AutoLoad,49,$(notdir $(EBTABLES_WATCHERS-m)))
481  $(call AddDepends/ebtables)
482endef
483
484define KernelPackage/ebtables-watchers/description
485 This option adds the log watchers, that you can use in any rule
486 in any ebtables table.
487endef
488
489$(eval $(call KernelPackage,ebtables-watchers))
490
491
492define KernelPackage/nfnetlink
493  SUBMENU:=$(NF_MENU)
494  TITLE:=Netlink-based userspace interface
495  DEPENDS:=+kmod-ipt-core
496  FILES:=$(LINUX_DIR)/net/netfilter/nfnetlink.ko
497  KCONFIG:=CONFIG_NETFILTER_NETLINK
498  AUTOLOAD:=$(call AutoLoad,48,nfnetlink)
499endef
500
501define KernelPackage/nfnetlink/description
502 Kernel modules support for a netlink-based userspace interface
503endef
504
505$(eval $(call KernelPackage,nfnetlink))
506
507
508define AddDepends/nfnetlink
509  SUBMENU:=$(NF_MENU)
510  DEPENDS+=+kmod-nfnetlink $(1)
511endef
512
513
514define KernelPackage/nfnetlink-log
515  TITLE:=Netfilter LOG over NFNETLINK interface
516  FILES:=$(LINUX_DIR)/net/netfilter/nfnetlink_log.ko
517  KCONFIG:=CONFIG_NETFILTER_NETLINK_LOG
518  AUTOLOAD:=$(call AutoLoad,48,nfnetlink_log)
519  $(call AddDepends/nfnetlink)
520endef
521
522define KernelPackage/nfnetlink-log/description
523 Kernel modules support for logging packets via NFNETLINK
524endef
525
526$(eval $(call KernelPackage,nfnetlink-log))
527
528
529define KernelPackage/nfnetlink-queue
530  TITLE:=Netfilter QUEUE over NFNETLINK interface
531  FILES:=$(LINUX_DIR)/net/netfilter/nfnetlink_queue.ko
532  KCONFIG:=CONFIG_NETFILTER_NETLINK_QUEUE
533  AUTOLOAD:=$(call AutoLoad,48,nfnetlink_queue)
534  $(call AddDepends/nfnetlink)
535endef
536
537define KernelPackage/nfnetlink-queue/description
538 Kernel modules support for queueing packets via NFNETLINK
539endef
540
541$(eval $(call KernelPackage,nfnetlink-queue))
542
543
544define KernelPackage/nf-conntrack-netlink
545  TITLE:=Connection tracking netlink interface
546  FILES:=$(LINUX_DIR)/net/netfilter/nf_conntrack_netlink.ko
547  KCONFIG:=CONFIG_NF_CT_NETLINK
548  AUTOLOAD:=$(call AutoLoad,49,nf_conntrack_netlink)
549  $(call AddDepends/nfnetlink,+kmod-ipt-conntrack)
550endef
551
552define KernelPackage/nf-conntrack-netlink/description
553 Kernel modules support for a netlink-based connection tracking
554 userspace interface
555endef
556
557$(eval $(call KernelPackage,nf-conntrack-netlink))
558
559define KernelPackage/ipt-hashlimit
560  SUBMENU:=$(NF_MENU)
561  TITLE:=Netfilter hashlimit match
562  KCONFIG:=$(KCONFIG_IPT_HASHLIMIT)
563  FILES:=$(LINUX_DIR)/net/netfilter/xt_hashlimit.ko
564  AUTOLOAD:=$(call AutoLoad,50,xt_hashlimit)
565  $(call KernelPackage/ipt)
566endef
567
568define KernelPackage/ipt-hashlimit/description
569 Kernel modules support for the hashlimit bucket match module
570endef
571
572$(eval $(call KernelPackage,ipt-hashlimit))
Note: See TracBrowser for help on using the repository browser.