diff options
-rw-r--r-- | target/linux/Config.in | 132 | ||||
-rw-r--r-- | target/linux/control/kmod-imq.control | 4 | ||||
-rw-r--r-- | target/linux/control/kmod-ipt-conntrack.control | 4 | ||||
-rw-r--r-- | target/linux/control/kmod-ipt-extra.control | 4 | ||||
-rw-r--r-- | target/linux/control/kmod-ipt-filter.control | 4 | ||||
-rw-r--r-- | target/linux/control/kmod-ipt-ipopt.control | 4 | ||||
-rw-r--r-- | target/linux/control/kmod-ipt-ipsec.control | 4 | ||||
-rw-r--r-- | target/linux/control/kmod-ipt-nat-extra.control | 4 | ||||
-rw-r--r-- | target/linux/control/kmod-ipt-nat.control | 4 | ||||
-rw-r--r-- | target/linux/control/kmod-ipt-queue.control | 4 | ||||
-rw-r--r-- | target/linux/control/kmod-ipt-ulog.control | 4 | ||||
-rw-r--r-- | target/linux/linux-2.4/Makefile | 48 | ||||
-rw-r--r-- | target/linux/linux-2.6/Makefile | 48 | ||||
-rw-r--r-- | target/linux/netfilter.mk | 136 | ||||
-rw-r--r-- | target/linux/rules.mk | 4 |
15 files changed, 395 insertions, 13 deletions
diff --git a/target/linux/Config.in b/target/linux/Config.in index ba8e4113c..cd7febae7 100644 --- a/target/linux/Config.in +++ b/target/linux/Config.in @@ -188,21 +188,141 @@ config BR2_PACKAGE_KMOD_EBTABLES help Kernel modules for bridge firewalling -config BR2_PACKAGE_KMOD_IPTABLES_V4 - prompt "kmod-iptables..................... Basic set of kernel modules for iptables" +config BR2_PACKAGE_KMOD_IPTABLES + prompt "kmod-iptables..................... Core Netfilter modules for IPv4 firewalling" tristate default y help Kernel modules for IPv4 firewalling -config BR2_PACKAGE_KMOD_IPTABLES_V4_EXTRA - prompt "kmod-iptables-extra............... Extra modules for iptables" +config BR2_PACKAGE_KMOD_IPTABLES_EXTRA + prompt "kmod-iptables-extra............... Extra Netfilter modules for IPv4 firewalling (meta-package)" tristate default m + select BR2_PACKAGE_KMOD_IPT_CONNTRACK + select BR2_PACKAGE_KMOD_IPT_FILTER + select BR2_PACKAGE_KMOD_IPT_IPOPT + select BR2_PACKAGE_KMOD_IPT_IPSEC + select BR2_PACKAGE_KMOD_IPT_NAT + select BR2_PACKAGE_KMOD_IPT_NAT_EXTRA + select BR2_PACKAGE_KMOD_IPT_QUEUE + select BR2_PACKAGE_KMOD_IPT_ULOG + select BR2_PACKAGE_KMOD_IPT_EXTRA help - Extra kernel modules for IPv4 firewalling + Extra Netfilter kernel modules for IPv4 firewalling (meta-package) -config BR2_PACKAGE_KMOD_IPTABLES_V6 +config BR2_PACKAGE_KMOD_IPT_CONNTRACK + prompt "kmod-ipt-conntrack................ Netfilter modules for connection tracking" + tristate + default m + help + Netfilter (IPv4) kernel modules for connection tracking + + Includes: + * ipt_conntrack + * ipt_helper + * ipt_connmark/CONNMARK + +config BR2_PACKAGE_KMOD_IPT_FILTER + prompt "kmod-ipt-filter................... Netfilter modules for packet content inspection" + tristate + default m + help + Netfilter (IPv4) kernel modules for packet content inspection + + Includes: + * ipt_ipp2p + * ipt_layer7 + +config BR2_PACKAGE_KMOD_IPT_IPOPT + prompt "kmod-ipt-ipopt.................... Netfilter modules for matching/changing IP packet options" + tristate + default m + help + Netfilter (IPv4) kernel modules for matching/changing IP packet options + + Includes: + * ipt_dscp/DSCP + * ipt_ecn/ECN + * ipt_length + * ipt_mac + * ipt_tos/TOS + * ipt_tcpmms + * ipt_ttl/TTL + * ipt_unclean + +config BR2_PACKAGE_KMOD_IPT_IPSEC + prompt "kmod-ipt-ipsec.................... Netfilter modules for matching IPsec packets" + tristate + default m + help + Netfilter (IPv4) kernel modules for matching IPsec packets + + Includes: + * ipt_ah + * ipt_esp + +config BR2_PACKAGE_KMOD_IPT_NAT + prompt "kmod-ipt-nat...................... Netfilter modules for different NAT targets" + tristate + default m + help + Netfilter (IPv4) kernel modules for different NAT targets + + Includes: + * ipt_REDIRECT + +config BR2_PACKAGE_KMOD_IPT_NAT_EXTRA + prompt "kmod-ipt-nat-extra................ Extra Netfilter NAT modules for special protocols" + tristate + default m + help + Extra Netfilter (IPv4) NAT kernel modules for special protocols + + Includes: + * ip_conntrack_amanda + * ip_conntrack_proto_gre + * ip_nat_proto_gre + * ip_conntrack_pptp + * ip_nat_pptp + * ip_nat_snmp_basic + * ip_conntrack_tftp + +config BR2_PACKAGE_KMOD_IPT_QUEUE + prompt "kmod-ipt-queue.................... Netfilter module for user-space packet queueing" + tristate + default m + help + Netfilter (IPv4) module for user-space packet queueing + + Includes: + * ipt_QUEUE + +config BR2_PACKAGE_KMOD_IPT_ULOG + prompt "kmod-ipt-ulog..................... Netfilter module for user-space packet logging" + tristate + default m + help + Netfilter (IPv4) module for user-space packet logging + + Includes: + * ipt_ULOG + +config BR2_PACKAGE_KMOD_IPT_EXTRA + prompt "kmod-ipt-extra.................... Other extra Netfilter modules" + tristate + default m + help + Other extra Netfilter (IPv4) kernel modules + + Includes: + * ipt_limit + * ipt_owner + * ipt_physdev + * ipt_pkttype + * ipt_recent + +config BR2_PACKAGE_KMOD_IP6TABLES prompt "kmod-ip6tables.................... Kernel modules for ip6tables" tristate default m diff --git a/target/linux/control/kmod-imq.control b/target/linux/control/kmod-imq.control new file mode 100644 index 000000000..78925a40b --- /dev/null +++ b/target/linux/control/kmod-imq.control @@ -0,0 +1,4 @@ +Package: kmod-imq +Priority: optional +Section: net +Description: Kernel support for the Intermediate Queueing device diff --git a/target/linux/control/kmod-ipt-conntrack.control b/target/linux/control/kmod-ipt-conntrack.control new file mode 100644 index 000000000..3528ec4e0 --- /dev/null +++ b/target/linux/control/kmod-ipt-conntrack.control @@ -0,0 +1,4 @@ +Package: kmod-ipt-conntrack +Priority: optional +Section: net +Description: Extra Netfilter (IPv4) kernel modules for connection tracking diff --git a/target/linux/control/kmod-ipt-extra.control b/target/linux/control/kmod-ipt-extra.control new file mode 100644 index 000000000..d336cc300 --- /dev/null +++ b/target/linux/control/kmod-ipt-extra.control @@ -0,0 +1,4 @@ +Package: kmod-ipt-extra +Priority: optional +Section: net +Description: Other extra Netfilter (IPv4) kernel modules diff --git a/target/linux/control/kmod-ipt-filter.control b/target/linux/control/kmod-ipt-filter.control new file mode 100644 index 000000000..8f5684d49 --- /dev/null +++ b/target/linux/control/kmod-ipt-filter.control @@ -0,0 +1,4 @@ +Package: kmod-ipt-filter +Priority: optional +Section: net +Description: Netfilter (IPv4) kernel modules for packet content inspection diff --git a/target/linux/control/kmod-ipt-ipopt.control b/target/linux/control/kmod-ipt-ipopt.control new file mode 100644 index 000000000..f0c9856d0 --- /dev/null +++ b/target/linux/control/kmod-ipt-ipopt.control @@ -0,0 +1,4 @@ +Package: kmod-ipt-ipopt +Priority: optional +Section: net +Description: Netfilter (IPv4) kernel modules for matching/changing IP packet options diff --git a/target/linux/control/kmod-ipt-ipsec.control b/target/linux/control/kmod-ipt-ipsec.control new file mode 100644 index 000000000..6baa3d444 --- /dev/null +++ b/target/linux/control/kmod-ipt-ipsec.control @@ -0,0 +1,4 @@ +Package: kmod-ipt-ipsec +Priority: optional +Section: net +Description: Netfilter (IPv4) kernel modules for matching special IPsec packets diff --git a/target/linux/control/kmod-ipt-nat-extra.control b/target/linux/control/kmod-ipt-nat-extra.control new file mode 100644 index 000000000..84b429453 --- /dev/null +++ b/target/linux/control/kmod-ipt-nat-extra.control @@ -0,0 +1,4 @@ +Package: kmod-ipt-nat-extra +Priority: optional +Section: net +Description: Extra Netfilter (IPv4) NAT kernel modules for special protocols diff --git a/target/linux/control/kmod-ipt-nat.control b/target/linux/control/kmod-ipt-nat.control new file mode 100644 index 000000000..89fc8434b --- /dev/null +++ b/target/linux/control/kmod-ipt-nat.control @@ -0,0 +1,4 @@ +Package: kmod-ipt-nat +Priority: optional +Section: net +Description: Netfilter (IPv4) kernel modules for different NAT targets diff --git a/target/linux/control/kmod-ipt-queue.control b/target/linux/control/kmod-ipt-queue.control new file mode 100644 index 000000000..ba96eb5c2 --- /dev/null +++ b/target/linux/control/kmod-ipt-queue.control @@ -0,0 +1,4 @@ +Package: kmod-ipt-queue +Priority: optional +Section: net +Description: Netfilter (IPv4) kernel module for user-space packet queuing diff --git a/target/linux/control/kmod-ipt-ulog.control b/target/linux/control/kmod-ipt-ulog.control new file mode 100644 index 000000000..2ce0fdcae --- /dev/null +++ b/target/linux/control/kmod-ipt-ulog.control @@ -0,0 +1,4 @@ +Package: kmod-ipt-ulog +Priority: optional +Section: net +Description: Netfilter (IPv4) kernel module for user-space packet logging diff --git a/target/linux/linux-2.4/Makefile b/target/linux/linux-2.4/Makefile index 76e5268a5..5a16a7ed6 100644 --- a/target/linux/linux-2.4/Makefile +++ b/target/linux/linux-2.4/Makefile @@ -50,6 +50,7 @@ ifeq ($(BOARD),ar7) include ./ar7.mk endif +include ../netfilter.mk # Networking @@ -62,6 +63,11 @@ $(eval $(call KMOD_template,GRE,gre,\ $(MODULES_DIR)/kernel/net/ipv4/ip_gre.o \ ,CONFIG_NET_IPGRE)) +$(eval $(call KMOD_template,IMQ,imq,\ + $(MODULES_DIR)/kernel/net/*/netfilter/*IMQ*.o \ + $(MODULES_DIR)/kernel/drivers/net/imq.o \ +)) + $(eval $(call KMOD_template,IPV6,ipv6,\ $(MODULES_DIR)/kernel/net/ipv6/ipv6.o \ ,CONFIG_IPV6,,20,ipv6)) @@ -107,11 +113,47 @@ $(eval $(call KMOD_template,EBTABLES,ebtables,\ $(MODULES_DIR)/kernel/net/bridge/netfilter/*.o \ ,CONFIG_BRIDGE_NF_EBTABLES)) -$(eval $(call KMOD_template,IPTABLES_V4_EXTRA,iptables-extra,\ - $(MODULES_DIR)/kernel/net/ipv4/netfilter/ip*.o \ +# metapackage for compatibility ... +$(eval $(call KMOD_template,IPTABLES_EXTRA,iptables-extra,\ +,,kmod-ipt-conntrack kmod-ipt-extra kmod-ipt-filter kmod-ipt-ipopt kmod-ipt-ipsec kmod-ipt-nat kmod-ipt-nat-extra kmod-ipt-queue kmod-ipt-ulogd)) + +$(eval $(call KMOD_template,IPT_CONNTRACK,ipt-conntrack,\ + $(foreach mod,$(IPKG_KMOD_IPT_CONNTRACK-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).o) \ +)) + +$(eval $(call KMOD_template,IPT_EXTRA,ipt-extra,\ + $(foreach mod,$(IPKG_KMOD_IPT_EXTRA-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).o) \ +)) + +$(eval $(call KMOD_template,IPT_FILTER,ipt-filter,\ + $(foreach mod,$(IPKG_KMOD_IPT_FILTER-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).o) \ +)) + +$(eval $(call KMOD_template,IPT_IPOPT,ipt-ipopt,\ + $(foreach mod,$(IPKG_KMOD_IPT_IPOPT-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).o) \ +)) + +$(eval $(call KMOD_template,IPT_IPSEC,ipt-ipsec,\ + $(foreach mod,$(IPKG_KMOD_IPT_IPSEC-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).o) \ +)) + +$(eval $(call KMOD_template,IPT_NAT,ipt-nat,\ + $(foreach mod,$(IPKG_KMOD_IPT_NAT-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).o) \ +)) + +$(eval $(call KMOD_template,IPT_NAT_EXTRA,ipt-nat-extra,\ + $(foreach mod,$(IPKG_KMOD_IPT_NAT_EXTRA-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).o) \ +,,,40,$(IPKG_KMOD_IPT_NAT_EXTRA-m))) + +$(eval $(call KMOD_template,IPT_QUEUE,ipt-queue,\ + $(foreach mod,$(IPKG_KMOD_IPT_QUEUE-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).o) \ +)) + +$(eval $(call KMOD_template,IPT_ULOG,ipt-ulog,\ + $(foreach mod,$(IPKG_KMOD_IPT_ULOG-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).o) \ )) -$(eval $(call KMOD_template,IPTABLES_V6,ip6tables,\ +$(eval $(call KMOD_template,IP6TABLES,ip6tables,\ $(MODULES_DIR)/kernel/net/ipv6/netfilter/ip*.o \ ,CONFIG_IP6_NF_IPTABLES,kmod-ipv6)) diff --git a/target/linux/linux-2.6/Makefile b/target/linux/linux-2.6/Makefile index f0ba690b5..8b96ff9bf 100644 --- a/target/linux/linux-2.6/Makefile +++ b/target/linux/linux-2.6/Makefile @@ -51,6 +51,7 @@ ifeq ($(BOARD),x86) include ./x86.mk endif +include ../netfilter.mk # Networking @@ -63,6 +64,11 @@ $(eval $(call KMOD_template,GRE,gre,\ $(MODULES_DIR)/kernel/net/ipv4/ip_gre.ko \ ,CONFIG_NET_IPGRE)) +$(eval $(call KMOD_template,IMQ,imq,\ + $(MODULES_DIR)/kernel/net/*/netfilter/*IMQ*.ko \ + $(MODULES_DIR)/kernel/drivers/net/imq.ko \ +)) + $(eval $(call KMOD_template,IPV6,ipv6,\ $(MODULES_DIR)/kernel/net/ipv6/ipv6.ko \ ,CONFIG_IPV6,,20,ipv6)) @@ -105,11 +111,47 @@ $(eval $(call KMOD_template,EBTABLES,ebtables,\ $(MODULES_DIR)/kernel/net/bridge/netfilter/*.ko \ ,CONFIG_BRIDGE_NF_EBTABLES)) -$(eval $(call KMOD_template,IPTABLES_V4_EXTRA,iptables-extra,\ - $(MODULES_DIR)/kernel/net/ipv4/netfilter/ip*.ko \ +# metapackage for compatibility ... +$(eval $(call KMOD_template,IPTABLES_EXTRA,iptables-extra,\ +,,kmod-ipt-conntrack kmod-ipt-extra kmod-ipt-filter kmod-ipt-ipopt kmod-ipt-ipsec kmod-ipt-nat kmod-ipt-nat-extra kmod-ipt-queue kmod-ipt-ulogd)) + +$(eval $(call KMOD_template,IPT_CONNTRACK,ipt-conntrack,\ + $(foreach mod,$(IPKG_KMOD_IPT_CONNTRACK-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).ko) \ +)) + +$(eval $(call KMOD_template,IPT_EXTRA,ipt-extra,\ + $(foreach mod,$(IPKG_KMOD_IPT_EXTRA-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).ko) \ +)) + +$(eval $(call KMOD_template,IPT_FILTER,ipt-filter,\ + $(foreach mod,$(IPKG_KMOD_IPT_FILTER-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).ko) \ +)) + +$(eval $(call KMOD_template,IPT_IPOPT,ipt-ipopt,\ + $(foreach mod,$(IPKG_KMOD_IPT_IPOPT-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).ko) \ +)) + +$(eval $(call KMOD_template,IPT_IPSEC,ipt-ipsec,\ + $(foreach mod,$(IPKG_KMOD_IPT_IPSEC-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).ko) \ +)) + +$(eval $(call KMOD_template,IPT_NAT,ipt-nat,\ + $(foreach mod,$(IPKG_KMOD_IPT_NAT-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).ko) \ +)) + +$(eval $(call KMOD_template,IPT_NAT_EXTRA,ipt-nat-extra,\ + $(foreach mod,$(IPKG_KMOD_IPT_NAT_EXTRA-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).ko) \ +,,,40,$(IPKG_KMOD_IPT_NAT_EXTRA-m))) + +$(eval $(call KMOD_template,IPT_QUEUE,ipt-queue,\ + $(foreach mod,$(IPKG_KMOD_IPT_QUEUE-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).ko) \ +)) + +$(eval $(call KMOD_template,IPT_ULOG,ipt-ulog,\ + $(foreach mod,$(IPKG_KMOD_IPT_ULOG-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).ko) \ )) -$(eval $(call KMOD_template,IPTABLES_V6,ip6tables,\ +$(eval $(call KMOD_template,IP6TABLES,ip6tables,\ $(MODULES_DIR)/kernel/net/ipv6/netfilter/ip*.ko \ ,CONFIG_IP6_NF_IPTABLES,kmod-ipv6)) diff --git a/target/linux/netfilter.mk b/target/linux/netfilter.mk new file mode 100644 index 000000000..433c386d6 --- /dev/null +++ b/target/linux/netfilter.mk @@ -0,0 +1,136 @@ +# $Id: netfilter.mk 2411 2005-11-11 03:41:43Z nico $
+
+#
+# kernel modules
+#
+
+IPKG_KMOD_IPT_CONNTRACK-m :=
+IPKG_KMOD_IPT_CONNTRACK-$(CONFIG_IP_NF_MATCH_CONNTRACK) += ipt_conntrack
+IPKG_KMOD_IPT_CONNTRACK-$(CONFIG_IP_NF_MATCH_HELPER) += ipt_helper
+IPKG_KMOD_IPT_CONNTRACK-$(CONFIG_IP_NF_MATCH_CONNMARK) += ipt_connmark
+IPKG_KMOD_IPT_CONNTRACK-$(CONFIG_IP_NF_TARGET_CONNMARK) += ipt_CONNMARK
+IPKG_KMOD_IPT_CONNTRACK-$(CONFIG_IP_NF_MATCH_STATE) += ipt_state
+
+IPKG_KMOD_IPT_EXTRA-m :=
+IPKG_KMOD_IPT_EXTRA-$(CONFIG_IP_NF_MATCH_LIMIT) += ipt_limit
+IPKG_KMOD_IPT_EXTRA-$(CONFIG_IP_NF_TARGET_LOG) += ipt_LOG
+IPKG_KMOD_IPT_EXTRA-$(CONFIG_IP_NF_MATCH_MULTIPORT) += multiport
+IPKG_KMOD_IPT_EXTRA-$(CONFIG_IP_NF_MATCH_OWNER) += ipt_owner
+IPKG_KMOD_IPT_EXTRA-$(CONFIG_IP_NF_MATCH_PHYSDEV) += ipt_physdev
+IPKG_KMOD_IPT_EXTRA-$(CONFIG_IP_NF_MATCH_PKTTYPE) += ipt_pkttype
+IPKG_KMOD_IPT_EXTRA-$(CONFIG_IP_NF_MATCH_RECENT) += ipt_recent
+IPKG_KMOD_IPT_EXTRA-$(CONFIG_IP_NF_TARGET_REJECT) += ipt_REJECT
+
+IPKG_KMOD_IPT_FILTER-m :=
+IPKG_KMOD_IPT_FILTER-$(CONFIG_IP_NF_MATCH_IPP2P) += ipt_ipp2p
+IPKG_KMOD_IPT_FILTER-$(CONFIG_IP_NF_MATCH_LAYER7) += ipt_layer7
+
+IPKG_KMOD_IPT_IPOPT-m :=
+IPKG_KMOD_IPT_IPOPT-$(CONFIG_IP_NF_MATCH_DSCP) += ipt_dscp
+IPKG_KMOD_IPT_IPOPT-$(CONFIG_IP_NF_TARGET_DSCP) += ipt_DSCP
+IPKG_KMOD_IPT_IPOPT-$(CONFIG_IP_NF_MATCH_ECN) += ipt_ecn
+IPKG_KMOD_IPT_IPOPT-$(CONFIG_IP_NF_TARGET_ECN) += ipt_ECN
+IPKG_KMOD_IPT_IPOPT-$(CONFIG_IP_NF_MATCH_LENGTH) += ipt_length
+IPKG_KMOD_IPT_IPOPT-$(CONFIG_IP_NF_MATCH_MAC) += ipt_mac
+IPKG_KMOD_IPT_IPOPT-$(CONFIG_IP_NF_MATCH_MARK) += ipt_mark
+IPKG_KMOD_IPT_IPOPT-$(CONFIG_IP_NF_TARGET_MARK) += ipt_MARK
+IPKG_KMOD_IPT_IPOPT-$(CONFIG_IP_NF_MATCH_TCPMSS) += ipt_tcpmss
+IPKG_KMOD_IPT_IPOPT-$(CONFIG_IP_NF_TARGET_TCPMSS) += ipt_TCPMSS
+IPKG_KMOD_IPT_IPOPT-$(CONFIG_IP_NF_MATCH_TOS) += ipt_tos
+IPKG_KMOD_IPT_IPOPT-$(CONFIG_IP_NF_TARGET_TOS) += ipt_TOS
+IPKG_KMOD_IPT_IPOPT-$(CONFIG_IP_NF_MATCH_TTL) += ipt_ttl
+IPKG_KMOD_IPT_IPOPT-$(CONFIG_IP_NF_TARGET_TTL) += ipt_TTL
+IPKG_KMOD_IPT_IPOPT-$(CONFIG_IP_NF_MATCH_UNCLEAN) += ipt_unclean
+
+IPKG_KMOD_IPT_IPSEC-m :=
+IPKG_KMOD_IPT_IPSEC-$(CONFIG_IP_NF_MATCH_AH_ESP) += ipt_ah ipt_esp
+
+IPKG_KMOD_IPT_NAT-m :=
+IPKG_KMOD_IPT_NAT-$(CONFIG_IP_NF_TARGET_MASQUERADE) += ipt_MASQUERADE
+IPKG_KMOD_IPT_NAT-$(CONFIG_IP_NF_TARGET_MIRROR) += ipt_MIRROR
+IPKG_KMOD_IPT_NAT-$(CONFIG_IP_NF_TARGET_REDIRECT) += ipt_REDIRECT
+
+IPKG_KMOD_IPT_NAT_EXTRA-m :=
+IPKG_KMOD_IPT_NAT_EXTRA-$(CONFIG_IP_NF_AMANDA) += ip_conntrack_amanda
+IPKG_KMOD_IPT_NAT_EXTRA-$(CONFIG_IP_NF_CT_PROTO_GRE) += ip_conntrack_proto_gre
+IPKG_KMOD_IPT_NAT_EXTRA-$(CONFIG_IP_NF_NAT_PROTO_GRE) += ip_nat_proto_gre
+IPKG_KMOD_IPT_NAT_EXTRA-$(CONFIG_IP_NF_PPTP) += ip_conntrack_pptp
+IPKG_KMOD_IPT_NAT_EXTRA-$(CONFIG_IP_NF_NAT_PPTP) += ip_nat_pptp
+IPKG_KMOD_IPT_NAT_EXTRA-$(CONFIG_IP_NF_NAT_SNMP_BASIC) += ip_nat_snmp_basic
+IPKG_KMOD_IPT_NAT_EXTRA-$(CONFIG_IP_NF_TFTP) += ip_conntrack_tftp
+
+IPKG_KMOD_IPT_QUEUE-m :=
+IPKG_KMOD_IPT_QUEUE-$(CONFIG_IP_NF_QUEUE) += ip_queue
+
+IPKG_KMOD_IPT_ULOG-m :=
+IPKG_KMOD_IPT_ULOG-$(CONFIG_IP_NF_TARGET_ULOG) += ipt_ULOG
+
+
+#
+# iptables extensions
+#
+
+IPKG_IPTABLES-y := ipt_standard
+IPKG_IPTABLES-y := ipt_icmp ipt_tcp ipt_udp
+
+IPKG_IPTABLES_MOD_CONNTRACK-m :=
+IPKG_IPTABLES_MOD_CONNTRACK-$(CONFIG_IP_NF_MATCH_CONNMARK) += ipt_connmark
+IPKG_IPTABLES_MOD_CONNTRACK-$(CONFIG_IP_NF_TARGET_CONNMARK) += ipt_CONNMARK
+IPKG_IPTABLES_MOD_CONNTRACK-$(CONFIG_IP_NF_MATCH_CONNTRACK) += ipt_conntrack
+IPKG_IPTABLES_MOD_CONNTRACK-$(CONFIG_IP_NF_MATCH_HELPER) += ipt_helper
+IPKG_IPTABLES_MOD_CONNTRACK-$(CONFIG_IP_NF_MATCH_STATE) += ipt_state
+
+IPKG_IPTABLES_MOD_EXTRA-m :=
+IPKG_IPTABLES_MOD_EXTRA-$(CONFIG_IP_NF_MATCH_LIMIT) += ipt_limit
+IPKG_IPTABLES_MOD_EXTRA-$(CONFIG_IP_NF_TARGET_LOG) += ipt_LOG
+IPKG_IPTABLES_MOD_EXTRA-$(CONFIG_IP_NF_MATCH_MULTIPORT) += ipt_multiport
+IPKG_IPTABLES_MOD_EXTRA-$(CONFIG_IP_NF_MATCH_OWNER) += ipt_owner
+IPKG_IPTABLES_MOD_EXTRA-$(CONFIG_IP_NF_MATCH_PHYSDEV) += ipt_physdev
+IPKG_IPTABLES_MOD_EXTRA-$(CONFIG_IP_NF_MATCH_PKTTYPE) += ipt_pkttype
+IPKG_IPTABLES_MOD_EXTRA-$(CONFIG_IP_NF_MATCH_RECENT) += ipt_recent
+IPKG_IPTABLES_MOD_EXTRA-$(CONFIG_IP_NF_TARGET_REJECT) += ipt_REJECT
+
+IPKG_IPTABLES_MOD_FILTER-m :=
+IPKG_IPTABLES_MOD_FILTER-$(CONFIG_IP_NF_MATCH_IPP2P) += ipt_ipp2p
+IPKG_IPTABLES_MOD_FILTER-$(CONFIG_IP_NF_MATCH_LAYER7) += ipt_layer7
+
+IPKG_IPTABLES_MOD_IMQ-m :=
+IPKG_IPTABLES_MOD_IMQ-$(CONFIG_IP_NF_TARGET_IMQ) += ipt_IMQ
+
+IPKG_IPTABLES_MOD_IPOPT-m :=
+IPKG_IPTABLES_MOD_IPOPT-$(CONFIG_IP_NF_MATCH_DSCP) += ipt_dscp
+IPKG_IPTABLES_MOD_IPOPT-$(CONFIG_IP_NF_TARGET_DSCP) += ipt_DSCP
+IPKG_IPTABLES_MOD_IPOPT-$(CONFIG_IP_NF_MATCH_ECN) += ipt_ecn
+IPKG_IPTABLES_MOD_IPOPT-$(CONFIG_IP_NF_TARGET_ECN) += ipt_ECN
+IPKG_IPTABLES_MOD_IPOPT-$(CONFIG_IP_NF_MATCH_LENGTH) += ipt_length
+IPKG_IPTABLES_MOD_IPOPT-$(CONFIG_IP_NF_MATCH_MAC) += ipt_mac
+IPKG_IPTABLES_MOD_IPOPT-$(CONFIG_IP_NF_MATCH_MARK) += ipt_mark
+IPKG_IPTABLES_MOD_IPOPT-$(CONFIG_IP_NF_TARGET_MARK) += ipt_MARK
+IPKG_IPTABLES_MOD_IPOPT-$(CONFIG_IP_NF_MATCH_TCPMSS) += ipt_tcpmss
+IPKG_IPTABLES_MOD_IPOPT-$(CONFIG_IP_NF_TARGET_TCPMSS) += ipt_TCPMSS
+IPKG_IPTABLES_MOD_IPOPT-$(CONFIG_IP_NF_MATCH_TOS) += ipt_tos
+IPKG_IPTABLES_MOD_IPOPT-$(CONFIG_IP_NF_TARGET_TOS) += ipt_TOS
+IPKG_IPTABLES_MOD_IPOPT-$(CONFIG_IP_NF_MATCH_TTL) += ipt_ttl
+IPKG_IPTABLES_MOD_IPOPT-$(CONFIG_IP_NF_TARGET_TTL) += ipt_TTL
+IPKG_IPTABLES_MOD_IPOPT-$(CONFIG_IP_NF_MATCH_UNCLEAN) += ipt_unclean
+
+IPKG_IPTABLES_MOD_IPSEC-m :=
+IPKG_IPTABLES_MOD_IPSEC-$(CONFIG_IP_NF_MATCH_AH_ESP) += ipt_ah ipt_esp
+
+IPKG_IPTABLES_MOD_NAT-m :=
+IPKG_IPTABLES_MOD_NAT-$(CONFIG_IP_NF_NAT) += ipt_SNAT ipt_DNAT
+IPKG_IPTABLES_MOD_NAT-$(CONFIG_IP_NF_TARGET_MASQUERADE) += ipt_MASQUERADE
+IPKG_IPTABLES_MOD_NAT-$(CONFIG_IP_NF_TARGET_MIRROR) += ipt_MIRROR
+IPKG_IPTABLES_MOD_NAT-$(CONFIG_IP_NF_TARGET_REDIRECT) += ipt_REDIRECT
+
+IPKG_IPTABLES_MOD_ULOG-m :=
+IPKG_IPTABLES_MOD_ULOG-$(CONFIG_IP_NF_TARGET_ULOG) += ipt_ULOG
+
+IPKG_IPTABLES-y += $(IPKG_IPTABLES_MOD_CONNTRACK-y)
+IPKG_IPTABLES-y += $(IPKG_IPTABLES_MOD_EXTRA-y)
+IPKG_IPTABLES-y += $(IPKG_IPTABLES_MOD_FILTER-y)
+IPKG_IPTABLES-y += $(IPKG_IPTABLES_MOD_IMQ-y)
+IPKG_IPTABLES-y += $(IPKG_IPTABLES_MOD_IPOPT-y)
+IPKG_IPTABLES-y += $(IPKG_IPTABLES_MOD_IPSEC-y)
+IPKG_IPTABLES-y += $(IPKG_IPTABLES_MOD_NAT-y)
+IPKG_IPTABLES-y += $(IPKG_IPTABLES_MOD_ULOG-y)
diff --git a/target/linux/rules.mk b/target/linux/rules.mk index f7e108658..be151ea10 100644 --- a/target/linux/rules.mk +++ b/target/linux/rules.mk @@ -37,10 +37,12 @@ endif $$(PKG_$(1)): $(LINUX_DIR)/.modules_done rm -rf $$(I_$(1)) - mkdir -p $$(I_$(1))/lib/modules/$(LINUX_VERSION) $(SCRIPT_DIR)/make-ipkg-dir.sh $$(I_$(1)) ../control/kmod-$(2).control $(LINUX_VERSION)-$(BOARD)-$(PKG_RELEASE) $(ARCH) echo "Depends: $$(IDEPEND_$(1))" >> $$(I_$(1))/CONTROL/control +ifneq ($(strip $(3)),) + mkdir -p $$(I_$(1))/lib/modules/$(LINUX_VERSION) cp $(3) $$(I_$(1))/lib/modules/$(LINUX_VERSION) +endif ifneq ($(6),) mkdir -p $$(I_$(1))/etc/modules.d for module in $(7); do \ |