summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authornico <nico@3c298f89-4303-0410-b956-a3cf2f4a3e73>2007-09-23 17:22:17 +0000
committernico <nico@3c298f89-4303-0410-b956-a3cf2f4a3e73>2007-09-23 17:22:17 +0000
commit45d02992d9a88e27ca330670eef636ad12c489ad (patch)
tree8b03eee4ab1045f06e869d9bd5d6be6c0a97f31b
parenteb35ecc37364503531222c0abb1e6af68a12b7fb (diff)
add ipv6 conntrack support (closes: #2192)
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@8984 3c298f89-4303-0410-b956-a3cf2f4a3e73
-rw-r--r--include/netfilter.mk29
-rw-r--r--package/kernel/modules/netfilter.mk4
-rw-r--r--target/linux/generic-2.6/config-2.6.225
-rw-r--r--target/linux/generic-2.6/config-default5
4 files changed, 35 insertions, 8 deletions
diff --git a/include/netfilter.mk b/include/netfilter.mk
index 440314dc1..9ed736aea 100644
--- a/include/netfilter.mk
+++ b/include/netfilter.mk
@@ -11,6 +11,7 @@ __inc_netfilter:=1
ifeq ($(NF_KMOD),1)
P_V4:=ipv4/netfilter/
+P_V6:=ipv6/netfilter/
P_XT:=netfilter/
endif
@@ -142,6 +143,33 @@ $(eval $(call nf_add,IPT_IPSET,CONFIG_IP_NF_MATCH_SET, $(P_V4)ipt_set))
$(eval $(call nf_add,IPT_IPSET,CONFIG_IP_NF_TARGET_SET, $(P_V4)ipt_SET))
+# IPv6
+
+# kernel only
+$(eval $(if $(NF_KMOD),$(call nf_add,IPT_IPV6,CONFIG_NF_CONNTRACK_IPV6, $(P_V6)nf_conntrack_ipv6),))
+$(eval $(if $(NF_KMOD),$(call nf_add,IPT_IPV6,CONFIG_IP6_NF_IPTABLES, $(P_V6)ip6_tables),))
+$(eval $(if $(NF_KMOD),$(call nf_add,IPT_IPV6,CONFIG_IP6_NF_FILTER, $(P_V6)ip6table_filter),))
+$(eval $(if $(NF_KMOD),$(call nf_add,IPT_IPV6,CONFIG_IP6_NF_MANGLE, $(P_V6)ip6table_mangle),))
+$(eval $(if $(NF_KMOD),$(call nf_add,IPT_IPV6,CONFIG_IP6_NF_QUEUE, $(P_V6)ip6_queue),))
+$(eval $(if $(NF_KMOD),$(call nf_add,IPT_IPV6,CONFIG_IP6_NF_RAW, $(P_V6)ip6table_raw),))
+
+$(eval $(call nf_add,IPT_IPV6,CONFIG_IP6_NF_MATCH_AH, $(P_V6)ip6t_ah))
+$(eval $(call nf_add,IPT_IPV6,CONFIG_IP6_NF_MATCH_EUI64, $(P_V6)ip6t_eui64))
+$(eval $(call nf_add,IPT_IPV6,CONFIG_IP6_NF_MATCH_FRAG, $(P_V6)ip6t_frag))
+$(eval $(call nf_add,IPT_IPV6,CONFIG_IP6_NF_MATCH_HL, $(P_V6)ip6t_hl))
+$(eval $(call nf_add,IPT_IPV6,CONFIG_IP6_NF_MATCH_IPV6HEADER, $(P_V6)ip6t_ipv6header))
+$(eval $(call nf_add,IPT_IPV6,CONFIG_IP6_NF_MATCH_MH, $(P_V6)ip6t_mh))
+$(eval $(call nf_add,IPT_IPV6,CONFIG_IP6_NF_MATCH_OWNER, $(P_V6)ip6t_owner))
+$(eval $(call nf_add,IPT_IPV6,CONFIG_IP6_NF_MATCH_OPTS, $(P_V6)ip6t_hbh))
+$(eval $(call nf_add,IPT_IPV6,CONFIG_IP6_NF_MATCH_RT, $(P_V6)ip6t_rt))
+
+$(eval $(call nf_add,IPT_IPV6,CONFIG_IP6_NF_TARGET_HL, $(P_V6)ip6t_HL))
+$(eval $(call nf_add,IPT_IPV6,CONFIG_IP6_NF_TARGET_IMQ, $(P_V6)ip6t_IMQ))
+$(eval $(call nf_add,IPT_IPV6,CONFIG_IP6_NF_TARGET_LOG, $(P_V6)ip6t_LOG))
+$(eval $(call nf_add,IPT_IPV6,CONFIG_IP6_NF_TARGET_REJECT, $(P_V6)ip6t_REJECT))
+$(eval $(call nf_add,IPT_IPV6,CONFIG_IP6_NF_TARGET_ROUTE, $(P_V6)ip6t_ROUTE))
+
+
# nat
# kernel only
@@ -226,6 +254,7 @@ IPT_BUILTIN += $(IPT_IPOPT-y)
IPT_BUILTIN += $(IPT_IPRANGE-y)
IPT_BUILTIN += $(IPT_IPSEC-y)
IPT_BUILTIN += $(IPT_IPSET-y)
+IPT_BUILTIN += $(IPT_IPV6-y)
IPT_BUILTIN += $(IPT_NAT-y)
IPT_BUILTIN += $(IPT_ULOG-y)
diff --git a/package/kernel/modules/netfilter.mk b/package/kernel/modules/netfilter.mk
index 5fe6b57ab..d25296bec 100644
--- a/package/kernel/modules/netfilter.mk
+++ b/package/kernel/modules/netfilter.mk
@@ -259,8 +259,8 @@ define KernelPackage/ip6tables
SUBMENU:=$(NF_MENU)
TITLE:=IPv6 modules
KCONFIG:=CONFIG_IP6_NF_IPTABLES
- FILES:=$(LINUX_DIR)/net/ipv6/netfilter/ip*.$(LINUX_KMOD_SUFFIX)
- AUTOLOAD:=$(call AutoLoad,40,$(notdir $(patsubst %.ko,%,$(wildcard $(LINUX_DIR)/net/ipv6/netfilter/ip6_*.$(LINUX_KMOD_SUFFIX)) $(wildcard $(LINUX_DIR)/net/ipv6/netfilter/ip6table_*.$(LINUX_KMOD_SUFFIX)) $(wildcard $(LINUX_DIR)/net/ipv6/netfilter/ip6t_*.$(LINUX_KMOD_SUFFIX)))))
+ FILES:=$(foreach mod,$(IPT_IPV6-m),$(LINUX_DIR)/net/$(mod).$(LINUX_KMOD_SUFFIX))
+ AUTOLOAD:=$(call AutoLoad,40,$(notdir $(IPT_IPV6-m)))
endef
define KernelPackage/ip6tables/description
diff --git a/target/linux/generic-2.6/config-2.6.22 b/target/linux/generic-2.6/config-2.6.22
index ba4c5e7ca..8fe379c10 100644
--- a/target/linux/generic-2.6/config-2.6.22
+++ b/target/linux/generic-2.6/config-2.6.22
@@ -487,8 +487,7 @@ CONFIG_IP6_NF_MATCH_EUI64=m
CONFIG_IP6_NF_MATCH_FRAG=m
CONFIG_IP6_NF_MATCH_HL=m
CONFIG_IP6_NF_MATCH_IPV6HEADER=m
-CONFIG_IP6_NF_MATCH_LIMIT=m
-# CONFIG_IP6_NF_MATCH_MH is not set
+CONFIG_IP6_NF_MATCH_MH=m
CONFIG_IP6_NF_MATCH_OPTS=m
CONFIG_IP6_NF_MATCH_OWNER=m
CONFIG_IP6_NF_MATCH_RT=m
@@ -831,7 +830,7 @@ CONFIG_NF_CONNTRACK_ENABLED=y
CONFIG_NF_CONNTRACK_FTP=m
CONFIG_NF_CONNTRACK_H323=m
CONFIG_NF_CONNTRACK_IPV4=y
-# CONFIG_NF_CONNTRACK_IPV6 is not set
+CONFIG_NF_CONNTRACK_IPV6=m
CONFIG_NF_CONNTRACK_IRC=m
CONFIG_NF_CONNTRACK_MARK=y
# CONFIG_NF_CONNTRACK_NETBIOS_NS is not set
diff --git a/target/linux/generic-2.6/config-default b/target/linux/generic-2.6/config-default
index 34bc9201b..fbedf1acc 100644
--- a/target/linux/generic-2.6/config-default
+++ b/target/linux/generic-2.6/config-default
@@ -465,8 +465,7 @@ CONFIG_IP6_NF_MATCH_EUI64=m
CONFIG_IP6_NF_MATCH_FRAG=m
CONFIG_IP6_NF_MATCH_HL=m
CONFIG_IP6_NF_MATCH_IPV6HEADER=m
-CONFIG_IP6_NF_MATCH_LIMIT=m
-# CONFIG_IP6_NF_MATCH_MH is not set
+CONFIG_IP6_NF_MATCH_MH=m
CONFIG_IP6_NF_MATCH_OPTS=m
CONFIG_IP6_NF_MATCH_OWNER=m
CONFIG_IP6_NF_MATCH_RT=m
@@ -810,7 +809,7 @@ CONFIG_NF_CONNTRACK_ENABLED=y
CONFIG_NF_CONNTRACK_FTP=m
CONFIG_NF_CONNTRACK_H323=m
CONFIG_NF_CONNTRACK_IPV4=y
-# CONFIG_NF_CONNTRACK_IPV6 is not set
+CONFIG_NF_CONNTRACK_IPV6=m
CONFIG_NF_CONNTRACK_IRC=m
CONFIG_NF_CONNTRACK_MARK=y
# CONFIG_NF_CONNTRACK_NETBIOS_NS is not set