diff options
| author | Yousong Zhou <yszhou4tech@gmail.com> | 2022-02-24 05:44:49 +0000 |
|---|---|---|
| committer | Yousong Zhou <yszhou4tech@gmail.com> | 2022-02-28 10:24:17 +0800 |
| commit | 4f443c885dede3331b969e6265a41a0ff1e3059a (patch) | |
| tree | ddc4811d5c153de84aafb93dff21958378d4b75f | |
| parent | 9c335accfe57f3049850b8fdb684c9e7e5feea82 (diff) | |
| download | upstream-4f443c885dede3331b969e6265a41a0ff1e3059a.tar.gz upstream-4f443c885dede3331b969e6265a41a0ff1e3059a.tar.bz2 upstream-4f443c885dede3331b969e6265a41a0ff1e3059a.zip | |
netfilter: separate packages for kmod-ipt-socket and kmod-ipt-tproxy
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
| -rw-r--r-- | include/netfilter.mk | 13 | ||||
| -rw-r--r-- | package/kernel/linux/modules/netfilter.mk | 39 |
2 files changed, 45 insertions, 7 deletions
diff --git a/include/netfilter.mk b/include/netfilter.mk index 4602a1d412..751fabef19 100644 --- a/include/netfilter.mk +++ b/include/netfilter.mk @@ -239,14 +239,15 @@ $(eval $(call nf_add,IPT_NFQUEUE,CONFIG_NETFILTER_XT_TARGET_NFQUEUE, $(P_XT)xt_N $(eval $(call nf_add,IPT_DEBUG,CONFIG_NETFILTER_XT_TARGET_TRACE, $(P_XT)xt_TRACE)) -# tproxy +# socket +$(eval $(call nf_add,NF_SOCKET,CONFIG_NF_SOCKET_IPV4, $(P_V4)nf_socket_ipv4)) +$(eval $(call nf_add,NF_SOCKET,CONFIG_NF_SOCKET_IPV6, $(P_V6)nf_socket_ipv6)) +$(eval $(call nf_add,IPT_SOCKET,CONFIG_NETFILTER_XT_MATCH_SOCKET, $(P_XT)xt_socket)) -$(eval $(call nf_add,IPT_TPROXY,CONFIG_NETFILTER_XT_MATCH_SOCKET, $(P_XT)xt_socket)) -$(eval $(call nf_add,IPT_TPROXY,CONFIG_NF_SOCKET_IPV4, $(P_V4)nf_socket_ipv4)) -$(eval $(call nf_add,IPT_TPROXY,CONFIG_NF_SOCKET_IPV6, $(P_V6)nf_socket_ipv6)) +# tproxy +$(eval $(call nf_add,NF_TPROXY,CONFIG_NF_TPROXY_IPV4, $(P_V4)nf_tproxy_ipv4)) +$(eval $(call nf_add,NF_TPROXY,CONFIG_NF_TPROXY_IPV6, $(P_V6)nf_tproxy_ipv6)) $(eval $(call nf_add,IPT_TPROXY,CONFIG_NETFILTER_XT_TARGET_TPROXY, $(P_XT)xt_TPROXY)) -$(eval $(call nf_add,IPT_TPROXY,CONFIG_NF_TPROXY_IPV4, $(P_V4)nf_tproxy_ipv4)) -$(eval $(call nf_add,IPT_TPROXY,CONFIG_NF_TPROXY_IPV6, $(P_V6)nf_tproxy_ipv6)) # led $(eval $(call nf_add,IPT_LED,CONFIG_NETFILTER_XT_TARGET_LED, $(P_XT)xt_LED)) diff --git a/package/kernel/linux/modules/netfilter.mk b/package/kernel/linux/modules/netfilter.mk index 75a06fb651..85780306f3 100644 --- a/package/kernel/linux/modules/netfilter.mk +++ b/package/kernel/linux/modules/netfilter.mk @@ -162,6 +162,28 @@ endef $(eval $(call KernelPackage,nf-flow)) +define KernelPackage/nf-socket + SUBMENU:=$(NF_MENU) + TITLE:=Netfilter socket lookup support + KCONFIG:= $(KCOFNIG_NF_SOCKET) + FILES:=$(foreach mod,$(NF_SOCKET-m),$(LINUX_DIR)/net/$(mod).ko) + AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_SOCKET-m))) +endef + +$(eval $(call KernelPackage,nf-socket)) + + +define KernelPackage/nf-tproxy + SUBMENU:=$(NF_MENU) + TITLE:=Netfilter tproxy support + KCONFIG:= $(KCOFNIG_NF_TPROXY) + FILES:=$(foreach mod,$(NF_TPROXY-m),$(LINUX_DIR)/net/$(mod).ko) + AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_TPROXY-m))) +endef + +$(eval $(call KernelPackage,nf-tproxy)) + + define AddDepends/ipt SUBMENU:=$(NF_MENU) DEPENDS+= +kmod-ipt-core $(1) @@ -645,9 +667,24 @@ endef $(eval $(call KernelPackage,ipt-led)) +define KernelPackage/ipt-socket + TITLE:=Iptables socket matching support + DEPENDS+=+kmod-nf-socket +kmod-nf-conntrack + KCONFIG:=$(KCONFIG_IPT_SOCKET) + FILES:=$(foreach mod,$(IPT_SOCKET-m),$(LINUX_DIR)/net/$(mod).ko) + AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_SOCKET-m))) + $(call AddDepends/ipt) +endef + +define KernelPackage/ipt-socket/description + Kernel modules for socket matching +endef + +$(eval $(call KernelPackage,ipt-socket)) + define KernelPackage/ipt-tproxy TITLE:=Transparent proxying support - DEPENDS+=+kmod-ipt-conntrack +IPV6:kmod-nf-conntrack6 +IPV6:kmod-ip6tables + DEPENDS+=+kmod-nf-tproxy +kmod-nf-conntrack KCONFIG:=$(KCONFIG_IPT_TPROXY) FILES:=$(foreach mod,$(IPT_TPROXY-m),$(LINUX_DIR)/net/$(mod).ko) AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_TPROXY-m))) |