From 49be26db3b5a96efbc912becc474a7043ac26318 Mon Sep 17 00:00:00 2001 From: nico Date: Fri, 11 Nov 2005 18:59:20 +0000 Subject: backport netfilter modules split introduced by changeset:2083 in whiterussian (fix ticket:40) git-svn-id: svn://svn.openwrt.org/openwrt/trunk/openwrt@2430 3c298f89-4303-0410-b956-a3cf2f4a3e73 --- target/linux/Config.in | 132 +++++++++++++++++++++-- target/linux/control/kmod-imq.control | 4 + target/linux/control/kmod-ipt-conntrack.control | 4 + target/linux/control/kmod-ipt-extra.control | 4 + target/linux/control/kmod-ipt-filter.control | 4 + target/linux/control/kmod-ipt-ipopt.control | 4 + target/linux/control/kmod-ipt-ipsec.control | 4 + target/linux/control/kmod-ipt-nat-extra.control | 4 + target/linux/control/kmod-ipt-nat.control | 4 + target/linux/control/kmod-ipt-queue.control | 4 + target/linux/control/kmod-ipt-ulog.control | 4 + target/linux/linux-2.4/Makefile | 48 ++++++++- target/linux/linux-2.6/Makefile | 48 ++++++++- target/linux/netfilter.mk | 136 ++++++++++++++++++++++++ target/linux/rules.mk | 4 +- 15 files changed, 395 insertions(+), 13 deletions(-) create mode 100644 target/linux/control/kmod-imq.control create mode 100644 target/linux/control/kmod-ipt-conntrack.control create mode 100644 target/linux/control/kmod-ipt-extra.control create mode 100644 target/linux/control/kmod-ipt-filter.control create mode 100644 target/linux/control/kmod-ipt-ipopt.control create mode 100644 target/linux/control/kmod-ipt-ipsec.control create mode 100644 target/linux/control/kmod-ipt-nat-extra.control create mode 100644 target/linux/control/kmod-ipt-nat.control create mode 100644 target/linux/control/kmod-ipt-queue.control create mode 100644 target/linux/control/kmod-ipt-ulog.control create mode 100644 target/linux/netfilter.mk diff --git a/target/linux/Config.in b/target/linux/Config.in index ba8e4113c..cd7febae7 100644 --- a/target/linux/Config.in +++ b/target/linux/Config.in 
@@ -188,21 +188,141 @@ config BR2_PACKAGE_KMOD_EBTABLES help Kernel modules for bridge firewalling -config BR2_PACKAGE_KMOD_IPTABLES_V4 - prompt "kmod-iptables..................... Basic set of kernel modules for iptables" +config BR2_PACKAGE_KMOD_IPTABLES + prompt "kmod-iptables..................... Core Netfilter modules for IPv4 firewalling" tristate default y help Kernel modules for IPv4 firewalling -config BR2_PACKAGE_KMOD_IPTABLES_V4_EXTRA - prompt "kmod-iptables-extra............... Extra modules for iptables" +config BR2_PACKAGE_KMOD_IPTABLES_EXTRA + prompt "kmod-iptables-extra............... Extra Netfilter modules for IPv4 firewalling (meta-package)" tristate default m + select BR2_PACKAGE_KMOD_IPT_CONNTRACK + select BR2_PACKAGE_KMOD_IPT_FILTER + select BR2_PACKAGE_KMOD_IPT_IPOPT + select BR2_PACKAGE_KMOD_IPT_IPSEC + select BR2_PACKAGE_KMOD_IPT_NAT + select BR2_PACKAGE_KMOD_IPT_NAT_EXTRA + select BR2_PACKAGE_KMOD_IPT_QUEUE + select BR2_PACKAGE_KMOD_IPT_ULOG + select BR2_PACKAGE_KMOD_IPT_EXTRA help - Extra kernel modules for IPv4 firewalling + Extra Netfilter kernel modules for IPv4 firewalling (meta-package) -config BR2_PACKAGE_KMOD_IPTABLES_V6 +config BR2_PACKAGE_KMOD_IPT_CONNTRACK + prompt "kmod-ipt-conntrack................ Netfilter modules for connection tracking" + tristate + default m + help + Netfilter (IPv4) kernel modules for connection tracking + + Includes: + * ipt_conntrack + * ipt_helper + * ipt_connmark/CONNMARK + +config BR2_PACKAGE_KMOD_IPT_FILTER + prompt "kmod-ipt-filter................... Netfilter modules for packet content inspection" + tristate + default m + help + Netfilter (IPv4) kernel modules for packet content inspection + + Includes: + * ipt_ipp2p + * ipt_layer7 + +config BR2_PACKAGE_KMOD_IPT_IPOPT + prompt "kmod-ipt-ipopt.................... 
Netfilter modules for matching/changing IP packet options" + tristate + default m + help + Netfilter (IPv4) kernel modules for matching/changing IP packet options + + Includes: + * ipt_dscp/DSCP + * ipt_ecn/ECN + * ipt_length + * ipt_mac + * ipt_tos/TOS + * ipt_tcpmms + * ipt_ttl/TTL + * ipt_unclean + +config BR2_PACKAGE_KMOD_IPT_IPSEC + prompt "kmod-ipt-ipsec.................... Netfilter modules for matching IPsec packets" + tristate + default m + help + Netfilter (IPv4) kernel modules for matching IPsec packets + + Includes: + * ipt_ah + * ipt_esp + +config BR2_PACKAGE_KMOD_IPT_NAT + prompt "kmod-ipt-nat...................... Netfilter modules for different NAT targets" + tristate + default m + help + Netfilter (IPv4) kernel modules for different NAT targets + + Includes: + * ipt_REDIRECT + +config BR2_PACKAGE_KMOD_IPT_NAT_EXTRA + prompt "kmod-ipt-nat-extra................ Extra Netfilter NAT modules for special protocols" + tristate + default m + help + Extra Netfilter (IPv4) NAT kernel modules for special protocols + + Includes: + * ip_conntrack_amanda + * ip_conntrack_proto_gre + * ip_nat_proto_gre + * ip_conntrack_pptp + * ip_nat_pptp + * ip_nat_snmp_basic + * ip_conntrack_tftp + +config BR2_PACKAGE_KMOD_IPT_QUEUE + prompt "kmod-ipt-queue.................... Netfilter module for user-space packet queueing" + tristate + default m + help + Netfilter (IPv4) module for user-space packet queueing + + Includes: + * ipt_QUEUE + +config BR2_PACKAGE_KMOD_IPT_ULOG + prompt "kmod-ipt-ulog..................... Netfilter module for user-space packet logging" + tristate + default m + help + Netfilter (IPv4) module for user-space packet logging + + Includes: + * ipt_ULOG + +config BR2_PACKAGE_KMOD_IPT_EXTRA + prompt "kmod-ipt-extra.................... 
Other extra Netfilter modules" + tristate + default m + help + Other extra Netfilter (IPv4) kernel modules + + Includes: + * ipt_limit + * ipt_owner + * ipt_physdev + * ipt_pkttype + * ipt_recent + +config BR2_PACKAGE_KMOD_IP6TABLES prompt "kmod-ip6tables.................... Kernel modules for ip6tables" tristate default m diff --git a/target/linux/control/kmod-imq.control b/target/linux/control/kmod-imq.control new file mode 100644 index 000000000..78925a40b --- /dev/null +++ b/target/linux/control/kmod-imq.control @@ -0,0 +1,4 @@ +Package: kmod-imq +Priority: optional +Section: net +Description: Kernel support for the Intermediate Queueing device diff --git a/target/linux/control/kmod-ipt-conntrack.control b/target/linux/control/kmod-ipt-conntrack.control new file mode 100644 index 000000000..3528ec4e0 --- /dev/null +++ b/target/linux/control/kmod-ipt-conntrack.control @@ -0,0 +1,4 @@ +Package: kmod-ipt-conntrack +Priority: optional +Section: net +Description: Extra Netfilter (IPv4) kernel modules for connection tracking diff --git a/target/linux/control/kmod-ipt-extra.control b/target/linux/control/kmod-ipt-extra.control new file mode 100644 index 000000000..d336cc300 --- /dev/null +++ b/target/linux/control/kmod-ipt-extra.control @@ -0,0 +1,4 @@ +Package: kmod-ipt-extra +Priority: optional +Section: net +Description: Other extra Netfilter (IPv4) kernel modules diff --git a/target/linux/control/kmod-ipt-filter.control b/target/linux/control/kmod-ipt-filter.control new file mode 100644 index 000000000..8f5684d49 --- /dev/null +++ b/target/linux/control/kmod-ipt-filter.control @@ -0,0 +1,4 @@ +Package: kmod-ipt-filter +Priority: optional +Section: net +Description: Netfilter (IPv4) kernel modules for packet content inspection diff --git a/target/linux/control/kmod-ipt-ipopt.control b/target/linux/control/kmod-ipt-ipopt.control new file mode 100644 index 000000000..f0c9856d0 --- /dev/null +++ b/target/linux/control/kmod-ipt-ipopt.control 
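Review bot: The `Includes:` lists in the new help texts of the Config.in hunk do not match the module lists this commit puts in netfilter.mk, so someone assembling a firewall image cannot tell from the menu which package carries a given match or target. Under `BR2_PACKAGE_KMOD_IPT_IPOPT`, `* ipt_tcpmms` should read `* ipt_tcpmss/TCPMSS` and `* ipt_mark/MARK` is missing. `BR2_PACKAGE_KMOD_IPT_QUEUE` lists `ipt_QUEUE` where netfilter.mk packages `ip_queue`. `ipt_state`, `ipt_LOG`, `ipt_REJECT`, `ipt_multiport`, `ipt_MASQUERADE` and `ipt_MIRROR` are assigned to the split packages in netfilter.mk but appear in no help text. If any of those are meant to stay in the core kmod-iptables package (its definition is not part of this diff), the help for `BR2_PACKAGE_KMOD_IPTABLES` should say so.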
@@ -0,0 +1,4 @@
+Package: kmod-ipt-ipopt
+Priority: optional
+Section: net
+Description: Netfilter (IPv4) kernel modules for matching/changing IP packet options
diff --git a/target/linux/control/kmod-ipt-ipsec.control b/target/linux/control/kmod-ipt-ipsec.control
new file mode 100644
index 000000000..6baa3d444
--- /dev/null
+++ b/target/linux/control/kmod-ipt-ipsec.control
@@ -0,0 +1,4 @@
+Package: kmod-ipt-ipsec
+Priority: optional
+Section: net
+Description: Netfilter (IPv4) kernel modules for matching special IPsec packets
diff --git a/target/linux/control/kmod-ipt-nat-extra.control b/target/linux/control/kmod-ipt-nat-extra.control
new file mode 100644
index 000000000..84b429453
--- /dev/null
+++ b/target/linux/control/kmod-ipt-nat-extra.control
@@ -0,0 +1,4 @@
+Package: kmod-ipt-nat-extra
+Priority: optional
+Section: net
+Description: Extra Netfilter (IPv4) NAT kernel modules for special protocols
diff --git a/target/linux/control/kmod-ipt-nat.control b/target/linux/control/kmod-ipt-nat.control
new file mode 100644
index 000000000..89fc8434b
--- /dev/null
+++ b/target/linux/control/kmod-ipt-nat.control
@@ -0,0 +1,4 @@
+Package: kmod-ipt-nat
+Priority: optional
+Section: net
+Description: Netfilter (IPv4) kernel modules for different NAT targets
diff --git a/target/linux/control/kmod-ipt-queue.control b/target/linux/control/kmod-ipt-queue.control
new file mode 100644
index 000000000..ba96eb5c2
--- /dev/null
+++ b/target/linux/control/kmod-ipt-queue.control
@@ -0,0 +1,4 @@
+Package: kmod-ipt-queue
+Priority: optional
+Section: net
+Description: Netfilter (IPv4) kernel module for user-space packet queuing
diff --git a/target/linux/control/kmod-ipt-ulog.control b/target/linux/control/kmod-ipt-ulog.control
new file mode 100644
index 000000000..2ce0fdcae
--- /dev/null
+++ b/target/linux/control/kmod-ipt-ulog.control
@@ -0,0 +1,4 @@
+Package: kmod-ipt-ulog
+Priority: optional
+Section: net
+Description: Netfilter (IPv4) kernel module for user-space packet logging
diff --git a/target/linux/linux-2.4/Makefile b/target/linux/linux-2.4/Makefile index 76e5268a5..5a16a7ed6 100644 --- a/target/linux/linux-2.4/Makefile +++ b/target/linux/linux-2.4/Makefile @@ -50,6 +50,7 @@ ifeq ($(BOARD),ar7) include ./ar7.mk endif +include ../netfilter.mk # Networking @@ -62,6 +63,11 @@ $(eval $(call KMOD_template,GRE,gre,\ $(MODULES_DIR)/kernel/net/ipv4/ip_gre.o \ ,CONFIG_NET_IPGRE)) +$(eval $(call KMOD_template,IMQ,imq,\ + $(MODULES_DIR)/kernel/net/*/netfilter/*IMQ*.o \ + $(MODULES_DIR)/kernel/drivers/net/imq.o \ +)) + $(eval $(call KMOD_template,IPV6,ipv6,\ $(MODULES_DIR)/kernel/net/ipv6/ipv6.o \ ,CONFIG_IPV6,,20,ipv6)) 
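Review bot: The new `IMQ` template call passes a glob and a file path but no kernel config symbol, unlike the `GRE` and `IPV6` calls next to it, which pass `CONFIG_NET_IPGRE` and `CONFIG_IPV6` as the fourth argument. The emptiness guard this commit adds in rules.mk tests the literal argument text when the template is expanded, so it does not cover a pattern that matches nothing. On a kernel built without IMQ the recipe's `cp` would presumably fail on `$(MODULES_DIR)/kernel/drivers/net/imq.o`. KMOD_template's definition starts outside this diff, so how argument 4 is used should be confirmed, but I would pass the IMQ config symbol here and in the matching linux-2.6 hunk. The commit also adds kmod-imq.control without a matching entry in the Config.in hunk; worth checking that one exists elsewhere.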
@@ -107,11 +113,47 @@ $(eval $(call KMOD_template,EBTABLES,ebtables,\ $(MODULES_DIR)/kernel/net/bridge/netfilter/*.o \ ,CONFIG_BRIDGE_NF_EBTABLES)) -$(eval $(call KMOD_template,IPTABLES_V4_EXTRA,iptables-extra,\ - $(MODULES_DIR)/kernel/net/ipv4/netfilter/ip*.o \ +# metapackage for compatibility ... +$(eval $(call KMOD_template,IPTABLES_EXTRA,iptables-extra,\ +,,kmod-ipt-conntrack kmod-ipt-extra kmod-ipt-filter kmod-ipt-ipopt kmod-ipt-ipsec kmod-ipt-nat kmod-ipt-nat-extra kmod-ipt-queue kmod-ipt-ulogd)) + +$(eval $(call KMOD_template,IPT_CONNTRACK,ipt-conntrack,\ + $(foreach mod,$(IPKG_KMOD_IPT_CONNTRACK-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).o) \ +)) + +$(eval $(call KMOD_template,IPT_EXTRA,ipt-extra,\ + $(foreach mod,$(IPKG_KMOD_IPT_EXTRA-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).o) \ +)) + +$(eval $(call KMOD_template,IPT_FILTER,ipt-filter,\ + $(foreach mod,$(IPKG_KMOD_IPT_FILTER-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).o) \ +)) + +$(eval $(call KMOD_template,IPT_IPOPT,ipt-ipopt,\ + $(foreach mod,$(IPKG_KMOD_IPT_IPOPT-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).o) \ +)) + +$(eval $(call KMOD_template,IPT_IPSEC,ipt-ipsec,\ + $(foreach mod,$(IPKG_KMOD_IPT_IPSEC-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).o) \ +)) + +$(eval $(call KMOD_template,IPT_NAT,ipt-nat,\ + $(foreach mod,$(IPKG_KMOD_IPT_NAT-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).o) \ +)) + +$(eval $(call KMOD_template,IPT_NAT_EXTRA,ipt-nat-extra,\ + $(foreach mod,$(IPKG_KMOD_IPT_NAT_EXTRA-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).o) \ +,,,40,$(IPKG_KMOD_IPT_NAT_EXTRA-m))) + +$(eval $(call KMOD_template,IPT_QUEUE,ipt-queue,\ + $(foreach mod,$(IPKG_KMOD_IPT_QUEUE-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).o) \ +)) + +$(eval $(call KMOD_template,IPT_ULOG,ipt-ulog,\ + $(foreach mod,$(IPKG_KMOD_IPT_ULOG-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).o) \ )) -$(eval $(call KMOD_template,IPTABLES_V6,ip6tables,\ +$(eval $(call 
KMOD_template,IP6TABLES,ip6tables,\ $(MODULES_DIR)/kernel/net/ipv6/netfilter/ip*.o \ ,CONFIG_IP6_NF_IPTABLES,kmod-ipv6)) diff --git a/target/linux/linux-2.6/Makefile b/target/linux/linux-2.6/Makefile index f0ba690b5..8b96ff9bf 100644 --- a/target/linux/linux-2.6/Makefile +++ b/target/linux/linux-2.6/Makefile @@ -51,6 +51,7 @@ ifeq ($(BOARD),x86) include ./x86.mk endif +include ../netfilter.mk # Networking @@ -63,6 +64,11 @@ $(eval $(call KMOD_template,GRE,gre,\ $(MODULES_DIR)/kernel/net/ipv4/ip_gre.ko \ ,CONFIG_NET_IPGRE)) +$(eval $(call KMOD_template,IMQ,imq,\ + $(MODULES_DIR)/kernel/net/*/netfilter/*IMQ*.ko \ + $(MODULES_DIR)/kernel/drivers/net/imq.ko \ +)) + $(eval $(call KMOD_template,IPV6,ipv6,\ $(MODULES_DIR)/kernel/net/ipv6/ipv6.ko \ ,CONFIG_IPV6,,20,ipv6)) 
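Review bot: The dependency list of the `iptables-extra` meta-package ends in `kmod-ipt-ulogd`, which does not match any package in this commit: the template call further down is `IPT_ULOG,ipt-ulog` and the control file added is `kmod-ipt-ulog.control`. Depending on how the package manager treats an unknown dependency, the compatibility package either refuses to install or installs without the ULOG module, which would leave firewall rules that use that target unable to load. The last entry should be `kmod-ipt-ulog`. The same typo is in the corresponding linux-2.6 Makefile hunk.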
@@ -105,11 +111,47 @@ $(eval $(call KMOD_template,EBTABLES,ebtables,\ $(MODULES_DIR)/kernel/net/bridge/netfilter/*.ko \ ,CONFIG_BRIDGE_NF_EBTABLES)) -$(eval $(call KMOD_template,IPTABLES_V4_EXTRA,iptables-extra,\ - $(MODULES_DIR)/kernel/net/ipv4/netfilter/ip*.ko \ +# metapackage for compatibility ... +$(eval $(call KMOD_template,IPTABLES_EXTRA,iptables-extra,\ +,,kmod-ipt-conntrack kmod-ipt-extra kmod-ipt-filter kmod-ipt-ipopt kmod-ipt-ipsec kmod-ipt-nat kmod-ipt-nat-extra kmod-ipt-queue kmod-ipt-ulogd)) + +$(eval $(call KMOD_template,IPT_CONNTRACK,ipt-conntrack,\ + $(foreach mod,$(IPKG_KMOD_IPT_CONNTRACK-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).ko) \ +)) + +$(eval $(call KMOD_template,IPT_EXTRA,ipt-extra,\ + $(foreach mod,$(IPKG_KMOD_IPT_EXTRA-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).ko) \ +)) + +$(eval $(call KMOD_template,IPT_FILTER,ipt-filter,\ + $(foreach mod,$(IPKG_KMOD_IPT_FILTER-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).ko) \ +)) + +$(eval $(call KMOD_template,IPT_IPOPT,ipt-ipopt,\ + $(foreach mod,$(IPKG_KMOD_IPT_IPOPT-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).ko) \ +)) + +$(eval $(call KMOD_template,IPT_IPSEC,ipt-ipsec,\ + $(foreach mod,$(IPKG_KMOD_IPT_IPSEC-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).ko) \ +)) + +$(eval $(call KMOD_template,IPT_NAT,ipt-nat,\ + $(foreach mod,$(IPKG_KMOD_IPT_NAT-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).ko) \ +)) + +$(eval $(call KMOD_template,IPT_NAT_EXTRA,ipt-nat-extra,\ + $(foreach mod,$(IPKG_KMOD_IPT_NAT_EXTRA-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).ko) \ +,,,40,$(IPKG_KMOD_IPT_NAT_EXTRA-m))) + +$(eval $(call KMOD_template,IPT_QUEUE,ipt-queue,\ + $(foreach mod,$(IPKG_KMOD_IPT_QUEUE-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).ko) \ +)) + +$(eval $(call KMOD_template,IPT_ULOG,ipt-ulog,\ + $(foreach mod,$(IPKG_KMOD_IPT_ULOG-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).ko) \ )) -$(eval $(call KMOD_template,IPTABLES_V6,ip6tables,\ +$(eval $(call 
KMOD_template,IP6TABLES,ip6tables,\ $(MODULES_DIR)/kernel/net/ipv6/netfilter/ip*.ko \ ,CONFIG_IP6_NF_IPTABLES,kmod-ipv6)) diff --git a/target/linux/netfilter.mk b/target/linux/netfilter.mk new file mode 100644 index 000000000..433c386d6 --- /dev/null +++ b/target/linux/netfilter.mk 
@@ -0,0 +1,136 @@
+# $Id: netfilter.mk 2411 2005-11-11 03:41:43Z nico $
+
+#
+# kernel modules
+#
+
+IPKG_KMOD_IPT_CONNTRACK-m :=
+IPKG_KMOD_IPT_CONNTRACK-$(CONFIG_IP_NF_MATCH_CONNTRACK) += ipt_conntrack
+IPKG_KMOD_IPT_CONNTRACK-$(CONFIG_IP_NF_MATCH_HELPER) += ipt_helper
+IPKG_KMOD_IPT_CONNTRACK-$(CONFIG_IP_NF_MATCH_CONNMARK) += ipt_connmark
+IPKG_KMOD_IPT_CONNTRACK-$(CONFIG_IP_NF_TARGET_CONNMARK) += ipt_CONNMARK
+IPKG_KMOD_IPT_CONNTRACK-$(CONFIG_IP_NF_MATCH_STATE) += ipt_state
+
+IPKG_KMOD_IPT_EXTRA-m :=
+IPKG_KMOD_IPT_EXTRA-$(CONFIG_IP_NF_MATCH_LIMIT) += ipt_limit
+IPKG_KMOD_IPT_EXTRA-$(CONFIG_IP_NF_TARGET_LOG) += ipt_LOG
+IPKG_KMOD_IPT_EXTRA-$(CONFIG_IP_NF_MATCH_MULTIPORT) += multiport
+IPKG_KMOD_IPT_EXTRA-$(CONFIG_IP_NF_MATCH_OWNER) += ipt_owner
+IPKG_KMOD_IPT_EXTRA-$(CONFIG_IP_NF_MATCH_PHYSDEV) += ipt_physdev
+IPKG_KMOD_IPT_EXTRA-$(CONFIG_IP_NF_MATCH_PKTTYPE) += ipt_pkttype
+IPKG_KMOD_IPT_EXTRA-$(CONFIG_IP_NF_MATCH_RECENT) += ipt_recent
+IPKG_KMOD_IPT_EXTRA-$(CONFIG_IP_NF_TARGET_REJECT) += ipt_REJECT
+
+IPKG_KMOD_IPT_FILTER-m :=
+IPKG_KMOD_IPT_FILTER-$(CONFIG_IP_NF_MATCH_IPP2P) += ipt_ipp2p
+IPKG_KMOD_IPT_FILTER-$(CONFIG_IP_NF_MATCH_LAYER7) += ipt_layer7
+
+IPKG_KMOD_IPT_IPOPT-m :=
+IPKG_KMOD_IPT_IPOPT-$(CONFIG_IP_NF_MATCH_DSCP) += ipt_dscp
+IPKG_KMOD_IPT_IPOPT-$(CONFIG_IP_NF_TARGET_DSCP) += ipt_DSCP
+IPKG_KMOD_IPT_IPOPT-$(CONFIG_IP_NF_MATCH_ECN) += ipt_ecn
+IPKG_KMOD_IPT_IPOPT-$(CONFIG_IP_NF_TARGET_ECN) += ipt_ECN
+IPKG_KMOD_IPT_IPOPT-$(CONFIG_IP_NF_MATCH_LENGTH) += ipt_length
+IPKG_KMOD_IPT_IPOPT-$(CONFIG_IP_NF_MATCH_MAC) += ipt_mac
+IPKG_KMOD_IPT_IPOPT-$(CONFIG_IP_NF_MATCH_MARK) += ipt_mark
+IPKG_KMOD_IPT_IPOPT-$(CONFIG_IP_NF_TARGET_MARK) += ipt_MARK
+IPKG_KMOD_IPT_IPOPT-$(CONFIG_IP_NF_MATCH_TCPMSS) += ipt_tcpmss
+IPKG_KMOD_IPT_IPOPT-$(CONFIG_IP_NF_TARGET_TCPMSS) += ipt_TCPMSS
+IPKG_KMOD_IPT_IPOPT-$(CONFIG_IP_NF_MATCH_TOS) += ipt_tos
+IPKG_KMOD_IPT_IPOPT-$(CONFIG_IP_NF_TARGET_TOS) += ipt_TOS
+IPKG_KMOD_IPT_IPOPT-$(CONFIG_IP_NF_MATCH_TTL) += ipt_ttl
+IPKG_KMOD_IPT_IPOPT-$(CONFIG_IP_NF_TARGET_TTL) += ipt_TTL
+IPKG_KMOD_IPT_IPOPT-$(CONFIG_IP_NF_MATCH_UNCLEAN) += ipt_unclean
+
+IPKG_KMOD_IPT_IPSEC-m :=
+IPKG_KMOD_IPT_IPSEC-$(CONFIG_IP_NF_MATCH_AH_ESP) += ipt_ah ipt_esp
+
+IPKG_KMOD_IPT_NAT-m :=
+IPKG_KMOD_IPT_NAT-$(CONFIG_IP_NF_TARGET_MASQUERADE) += ipt_MASQUERADE
+IPKG_KMOD_IPT_NAT-$(CONFIG_IP_NF_TARGET_MIRROR) += ipt_MIRROR
+IPKG_KMOD_IPT_NAT-$(CONFIG_IP_NF_TARGET_REDIRECT) += ipt_REDIRECT
+
+IPKG_KMOD_IPT_NAT_EXTRA-m :=
+IPKG_KMOD_IPT_NAT_EXTRA-$(CONFIG_IP_NF_AMANDA) += ip_conntrack_amanda
+IPKG_KMOD_IPT_NAT_EXTRA-$(CONFIG_IP_NF_CT_PROTO_GRE) += ip_conntrack_proto_gre
+IPKG_KMOD_IPT_NAT_EXTRA-$(CONFIG_IP_NF_NAT_PROTO_GRE) += ip_nat_proto_gre
+IPKG_KMOD_IPT_NAT_EXTRA-$(CONFIG_IP_NF_PPTP) += ip_conntrack_pptp
+IPKG_KMOD_IPT_NAT_EXTRA-$(CONFIG_IP_NF_NAT_PPTP) += ip_nat_pptp
+IPKG_KMOD_IPT_NAT_EXTRA-$(CONFIG_IP_NF_NAT_SNMP_BASIC) += ip_nat_snmp_basic
+IPKG_KMOD_IPT_NAT_EXTRA-$(CONFIG_IP_NF_TFTP) += ip_conntrack_tftp
+
+IPKG_KMOD_IPT_QUEUE-m :=
+IPKG_KMOD_IPT_QUEUE-$(CONFIG_IP_NF_QUEUE) += ip_queue
+
+IPKG_KMOD_IPT_ULOG-m :=
+IPKG_KMOD_IPT_ULOG-$(CONFIG_IP_NF_TARGET_ULOG) += ipt_ULOG
+
+
+#
+# iptables extensions
+#
+
+IPKG_IPTABLES-y := ipt_standard
+IPKG_IPTABLES-y := ipt_icmp ipt_tcp ipt_udp
+
+IPKG_IPTABLES_MOD_CONNTRACK-m :=
+IPKG_IPTABLES_MOD_CONNTRACK-$(CONFIG_IP_NF_MATCH_CONNMARK) += ipt_connmark
+IPKG_IPTABLES_MOD_CONNTRACK-$(CONFIG_IP_NF_TARGET_CONNMARK) += ipt_CONNMARK
+IPKG_IPTABLES_MOD_CONNTRACK-$(CONFIG_IP_NF_MATCH_CONNTRACK) += ipt_conntrack
+IPKG_IPTABLES_MOD_CONNTRACK-$(CONFIG_IP_NF_MATCH_HELPER) += ipt_helper
+IPKG_IPTABLES_MOD_CONNTRACK-$(CONFIG_IP_NF_MATCH_STATE) += ipt_state
+
+IPKG_IPTABLES_MOD_EXTRA-m :=
+IPKG_IPTABLES_MOD_EXTRA-$(CONFIG_IP_NF_MATCH_LIMIT) += ipt_limit
+IPKG_IPTABLES_MOD_EXTRA-$(CONFIG_IP_NF_TARGET_LOG) += ipt_LOG
+IPKG_IPTABLES_MOD_EXTRA-$(CONFIG_IP_NF_MATCH_MULTIPORT) += ipt_multiport
+IPKG_IPTABLES_MOD_EXTRA-$(CONFIG_IP_NF_MATCH_OWNER) += ipt_owner
+IPKG_IPTABLES_MOD_EXTRA-$(CONFIG_IP_NF_MATCH_PHYSDEV) += ipt_physdev
+IPKG_IPTABLES_MOD_EXTRA-$(CONFIG_IP_NF_MATCH_PKTTYPE) += ipt_pkttype
+IPKG_IPTABLES_MOD_EXTRA-$(CONFIG_IP_NF_MATCH_RECENT) += ipt_recent
+IPKG_IPTABLES_MOD_EXTRA-$(CONFIG_IP_NF_TARGET_REJECT) += ipt_REJECT
+
+IPKG_IPTABLES_MOD_FILTER-m :=
+IPKG_IPTABLES_MOD_FILTER-$(CONFIG_IP_NF_MATCH_IPP2P) += ipt_ipp2p
+IPKG_IPTABLES_MOD_FILTER-$(CONFIG_IP_NF_MATCH_LAYER7) += ipt_layer7
+
+IPKG_IPTABLES_MOD_IMQ-m :=
+IPKG_IPTABLES_MOD_IMQ-$(CONFIG_IP_NF_TARGET_IMQ) += ipt_IMQ
+
+IPKG_IPTABLES_MOD_IPOPT-m :=
+IPKG_IPTABLES_MOD_IPOPT-$(CONFIG_IP_NF_MATCH_DSCP) += ipt_dscp
+IPKG_IPTABLES_MOD_IPOPT-$(CONFIG_IP_NF_TARGET_DSCP) += ipt_DSCP
+IPKG_IPTABLES_MOD_IPOPT-$(CONFIG_IP_NF_MATCH_ECN) += ipt_ecn
+IPKG_IPTABLES_MOD_IPOPT-$(CONFIG_IP_NF_TARGET_ECN) += ipt_ECN
+IPKG_IPTABLES_MOD_IPOPT-$(CONFIG_IP_NF_MATCH_LENGTH) += ipt_length
+IPKG_IPTABLES_MOD_IPOPT-$(CONFIG_IP_NF_MATCH_MAC) += ipt_mac
+IPKG_IPTABLES_MOD_IPOPT-$(CONFIG_IP_NF_MATCH_MARK) += ipt_mark
+IPKG_IPTABLES_MOD_IPOPT-$(CONFIG_IP_NF_TARGET_MARK) += ipt_MARK
+IPKG_IPTABLES_MOD_IPOPT-$(CONFIG_IP_NF_MATCH_TCPMSS) += ipt_tcpmss
+IPKG_IPTABLES_MOD_IPOPT-$(CONFIG_IP_NF_TARGET_TCPMSS) += ipt_TCPMSS
+IPKG_IPTABLES_MOD_IPOPT-$(CONFIG_IP_NF_MATCH_TOS) += ipt_tos
+IPKG_IPTABLES_MOD_IPOPT-$(CONFIG_IP_NF_TARGET_TOS) += ipt_TOS
+IPKG_IPTABLES_MOD_IPOPT-$(CONFIG_IP_NF_MATCH_TTL) += ipt_ttl
+IPKG_IPTABLES_MOD_IPOPT-$(CONFIG_IP_NF_TARGET_TTL) += ipt_TTL
+IPKG_IPTABLES_MOD_IPOPT-$(CONFIG_IP_NF_MATCH_UNCLEAN) += ipt_unclean
+
+IPKG_IPTABLES_MOD_IPSEC-m :=
+IPKG_IPTABLES_MOD_IPSEC-$(CONFIG_IP_NF_MATCH_AH_ESP) += ipt_ah ipt_esp
+
+IPKG_IPTABLES_MOD_NAT-m :=
+IPKG_IPTABLES_MOD_NAT-$(CONFIG_IP_NF_NAT) += ipt_SNAT ipt_DNAT
+IPKG_IPTABLES_MOD_NAT-$(CONFIG_IP_NF_TARGET_MASQUERADE) += ipt_MASQUERADE
+IPKG_IPTABLES_MOD_NAT-$(CONFIG_IP_NF_TARGET_MIRROR) += ipt_MIRROR
+IPKG_IPTABLES_MOD_NAT-$(CONFIG_IP_NF_TARGET_REDIRECT) += ipt_REDIRECT
+
+IPKG_IPTABLES_MOD_ULOG-m :=
+IPKG_IPTABLES_MOD_ULOG-$(CONFIG_IP_NF_TARGET_ULOG) += ipt_ULOG
+
+IPKG_IPTABLES-y += $(IPKG_IPTABLES_MOD_CONNTRACK-y)
+IPKG_IPTABLES-y += $(IPKG_IPTABLES_MOD_EXTRA-y)
+IPKG_IPTABLES-y += $(IPKG_IPTABLES_MOD_FILTER-y)
+IPKG_IPTABLES-y += $(IPKG_IPTABLES_MOD_IMQ-y)
+IPKG_IPTABLES-y += $(IPKG_IPTABLES_MOD_IPOPT-y)
+IPKG_IPTABLES-y += $(IPKG_IPTABLES_MOD_IPSEC-y)
+IPKG_IPTABLES-y += $(IPKG_IPTABLES_MOD_NAT-y)
+IPKG_IPTABLES-y += $(IPKG_IPTABLES_MOD_ULOG-y)
diff --git a/target/linux/rules.mk b/target/linux/rules.mk
index f7e108658..be151ea10 100644
--- a/target/linux/rules.mk
+++ b/target/linux/rules.mk
@@ -37,10 +37,12 @@ endif $$(PKG_$(1)): $(LINUX_DIR)/.modules_done rm -rf $$(I_$(1)) - mkdir -p $$(I_$(1))/lib/modules/$(LINUX_VERSION) $(SCRIPT_DIR)/make-ipkg-dir.sh $$(I_$(1)) ../control/kmod-$(2).control $(LINUX_VERSION)-$(BOARD)-$(PKG_RELEASE) $(ARCH) echo "Depends: $$(IDEPEND_$(1))" >> $$(I_$(1))/CONTROL/control +ifneq ($(strip $(3)),) + mkdir -p $$(I_$(1))/lib/modules/$(LINUX_VERSION) cp $(3) $$(I_$(1))/lib/modules/$(LINUX_VERSION) +endif ifneq ($(6),) mkdir -p $$(I_$(1))/etc/modules.d for module in $(7); do \ -- cgit v1.2.3
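Review bot: Two list entries in the new netfilter.mk look wrong. In the iptables-extensions section, `IPKG_IPTABLES-y := ipt_standard` is immediately overwritten by `IPKG_IPTABLES-y := ipt_icmp ipt_tcp ipt_udp`, so `ipt_standard` never reaches the list; the second assignment should be `IPKG_IPTABLES-y += ipt_icmp ipt_tcp ipt_udp`. In the kernel-module section, `IPKG_KMOD_IPT_EXTRA-$(CONFIG_IP_NF_MATCH_MULTIPORT) += multiport` lacks the `ipt_` prefix that the matching extension entry (`ipt_multiport`) uses. The Makefile `foreach` would then look for `netfilter/multiport.o` or `.ko`, so the entry should read `+= ipt_multiport`.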
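Review bot: The new `ifneq ($(strip $(3)),)` guard in rules.mk has no comment explaining that an empty third argument now means "meta-package, ship only the control file". The enclosing KMOD_template `define` starts and ends outside this hunk, and the calls in this commit rely on up to seven positional arguments (`,,,40,$(IPKG_KMOD_IPT_NAT_EXTRA-m)` for example) with no description visible here. I would add a comment block above the define listing each argument, for instance `# $(3): module files to copy into lib/modules; leave empty for a meta-package`, so that a miscounted comma in a future call is easier to spot in review.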