diff options
author | Felix Fietkau <nbd@openwrt.org> | 2014-06-02 18:13:38 +0000 |
---|---|---|
committer | Felix Fietkau <nbd@openwrt.org> | 2014-06-02 18:13:38 +0000 |
commit | 79ba645f994878d04f1099ff6400396b9345904b (patch) | |
tree | 67d6a1efc950950ba11b15883abd50656caecbf6 | |
parent | 6b987a07304aa45111ea6c43eabe4aa73ea7a6b2 (diff) | |
download | upstream-79ba645f994878d04f1099ff6400396b9345904b.tar.gz upstream-79ba645f994878d04f1099ff6400396b9345904b.tar.bz2 upstream-79ba645f994878d04f1099ff6400396b9345904b.zip |
netfilter: split off header matching modules not used by the default config (reduces rootfs size and memory usage)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@40983 3c298f89-4303-0410-b956-a3cf2f4a3e73
-rw-r--r-- | include/netfilter.mk | 16 | ||||
-rw-r--r-- | package/kernel/linux/modules/netfilter.mk | 15 | ||||
-rw-r--r-- | package/network/utils/iptables/Makefile | 11 |
3 files changed, 35 insertions, 7 deletions
diff --git a/include/netfilter.mk b/include/netfilter.mk index 1ecbe02eab..906eb0f085 100644 --- a/include/netfilter.mk +++ b/include/netfilter.mk @@ -143,17 +143,19 @@ $(eval $(if $(NF_KMOD),$(call nf_add,IPT_IPV6,CONFIG_IP6_NF_RAW, $(P_V6)ip6table $(eval $(if $(NF_KMOD),,$(call nf_add,IPT_IPV6,CONFIG_IP6_NF_IPTABLES, ip6t_icmp6))) -$(eval $(call nf_add,IPT_IPV6,CONFIG_IP6_NF_MATCH_AH, $(P_V6)ip6t_ah)) -$(eval $(call nf_add,IPT_IPV6,CONFIG_IP6_NF_MATCH_EUI64, $(P_V6)ip6t_eui64)) -$(eval $(call nf_add,IPT_IPV6,CONFIG_IP6_NF_MATCH_FRAG, $(P_V6)ip6t_frag)) -$(eval $(call nf_add,IPT_IPV6,CONFIG_IP6_NF_MATCH_IPV6HEADER, $(P_V6)ip6t_ipv6header)) -$(eval $(call nf_add,IPT_IPV6,CONFIG_IP6_NF_MATCH_MH, $(P_V6)ip6t_mh)) -$(eval $(call nf_add,IPT_IPV6,CONFIG_IP6_NF_MATCH_OPTS, $(P_V6)ip6t_hbh)) -$(eval $(call nf_add,IPT_IPV6,CONFIG_IP6_NF_MATCH_RT, $(P_V6)ip6t_rt)) $(eval $(call nf_add,IPT_IPV6,CONFIG_IP6_NF_TARGET_LOG, $(P_V6)ip6t_LOG)) $(eval $(call nf_add,IPT_IPV6,CONFIG_IP6_NF_TARGET_REJECT, $(P_V6)ip6t_REJECT)) +# ipv6 extra +$(eval $(call nf_add,IPT_IPV6_EXTRA,CONFIG_IP6_NF_MATCH_IPV6HEADER, $(P_V6)ip6t_ipv6header)) +$(eval $(call nf_add,IPT_IPV6_EXTRA,CONFIG_IP6_NF_MATCH_AH, $(P_V6)ip6t_ah)) +$(eval $(call nf_add,IPT_IPV6_EXTRA,CONFIG_IP6_NF_MATCH_MH, $(P_V6)ip6t_mh)) +$(eval $(call nf_add,IPT_IPV6_EXTRA,CONFIG_IP6_NF_MATCH_EUI64, $(P_V6)ip6t_eui64)) +$(eval $(call nf_add,IPT_IPV6_EXTRA,CONFIG_IP6_NF_MATCH_OPTS, $(P_V6)ip6t_hbh)) +$(eval $(call nf_add,IPT_IPV6_EXTRA,CONFIG_IP6_NF_MATCH_FRAG, $(P_V6)ip6t_frag)) +$(eval $(call nf_add,IPT_IPV6_EXTRA,CONFIG_IP6_NF_MATCH_RT, $(P_V6)ip6t_rt)) + # nat # kernel only diff --git a/package/kernel/linux/modules/netfilter.mk b/package/kernel/linux/modules/netfilter.mk index 974cca717f..316df69f02 100644 --- a/package/kernel/linux/modules/netfilter.mk +++ b/package/kernel/linux/modules/netfilter.mk @@ -420,6 +420,21 @@ endef $(eval $(call KernelPackage,ip6tables)) +define KernelPackage/ip6tables-extra + SUBMENU:=$(NF_MENU) + TITLE:=Extra IPv6 modules + DEPENDS:=+kmod-ip6tables + KCONFIG:=$(KCONFIG_IPT_IPV6_EXTRA) + FILES:=$(foreach mod,$(IPT_IPV6_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko) + AUTOLOAD:=$(call AutoLoad,43,$(notdir $(IPT_IPV6_EXTRA-m))) +endef + +define KernelPackage/ip6tables-extra/description + Netfilter IPv6 extra header matching modules +endef + +$(eval $(call KernelPackage,ip6tables-extra)) + ARP_MODULES = arp_tables arpt_mangle arptable_filter define KernelPackage/arptables SUBMENU:=$(NF_MENU) diff --git a/package/network/utils/iptables/Makefile b/package/network/utils/iptables/Makefile index 48b1879bd3..f6db428bcb 100644 --- a/package/network/utils/iptables/Makefile +++ b/package/network/utils/iptables/Makefile @@ -302,6 +302,16 @@ $(call Package/iptables/Default) endef +define Package/ip6tables-extra +$(call Package/iptables/Default) + DEPENDS:=ip6tables +kmod-ip6tables-extra + TITLE:=IPv6 header matching modules +endef + +define Package/ip6tables-mod-extra/description +iptables header matching modules for IPv6 +endef + define Package/ip6tables-mod-nat $(call Package/iptables/Default) DEPENDS:=ip6tables +kmod-ipt-nat6 @@ -459,6 +469,7 @@ $(eval $(call BuildPlugin,iptables-mod-tproxy,$(IPT_TPROXY-m))) $(eval $(call BuildPlugin,iptables-mod-tee,$(IPT_TEE-m))) $(eval $(call BuildPlugin,iptables-mod-u32,$(IPT_U32-m))) $(eval $(call BuildPackage,ip6tables)) +$(eval $(call BuildPlugin,ip6tables-extra,$(IPT_IPV6_EXTRA-m))) $(eval $(call BuildPlugin,ip6tables-mod-nat,$(IPT_NAT6-m))) $(eval $(call BuildPackage,libiptc)) $(eval $(call BuildPackage,libip4tc)) |