authorFelix Fietkau <nbd@openwrt.org>2014-06-02 18:13:38 +0000
committerFelix Fietkau <nbd@openwrt.org>2014-06-02 18:13:38 +0000
commit4b241e98270ab83dcae8e678ee8066d65fdb44eb (patch)
treee0925d805f41e08ab0864e247bb2485362095e38
parentae2c9a815a54a0d6e38e084a43d12476bfd265c6 (diff)
netfilter: split off header matching modules not used by the default config (reduces rootfs size and memory usage)
Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 40983
-rw-r--r--include/netfilter.mk16
-rw-r--r--package/kernel/linux/modules/netfilter.mk15
-rw-r--r--package/network/utils/iptables/Makefile11
3 files changed, 35 insertions, 7 deletions
diff --git a/include/netfilter.mk b/include/netfilter.mk
index 1ecbe02eab..906eb0f085 100644
--- a/include/netfilter.mk
+++ b/include/netfilter.mk
@@ -143,17 +143,19 @@ $(eval $(if $(NF_KMOD),$(call nf_add,IPT_IPV6,CONFIG_IP6_NF_RAW, $(P_V6)ip6table
$(eval $(if $(NF_KMOD),,$(call nf_add,IPT_IPV6,CONFIG_IP6_NF_IPTABLES, ip6t_icmp6)))
-$(eval $(call nf_add,IPT_IPV6,CONFIG_IP6_NF_MATCH_AH, $(P_V6)ip6t_ah))
-$(eval $(call nf_add,IPT_IPV6,CONFIG_IP6_NF_MATCH_EUI64, $(P_V6)ip6t_eui64))
-$(eval $(call nf_add,IPT_IPV6,CONFIG_IP6_NF_MATCH_FRAG, $(P_V6)ip6t_frag))
-$(eval $(call nf_add,IPT_IPV6,CONFIG_IP6_NF_MATCH_IPV6HEADER, $(P_V6)ip6t_ipv6header))
-$(eval $(call nf_add,IPT_IPV6,CONFIG_IP6_NF_MATCH_MH, $(P_V6)ip6t_mh))
-$(eval $(call nf_add,IPT_IPV6,CONFIG_IP6_NF_MATCH_OPTS, $(P_V6)ip6t_hbh))
-$(eval $(call nf_add,IPT_IPV6,CONFIG_IP6_NF_MATCH_RT, $(P_V6)ip6t_rt))
$(eval $(call nf_add,IPT_IPV6,CONFIG_IP6_NF_TARGET_LOG, $(P_V6)ip6t_LOG))
$(eval $(call nf_add,IPT_IPV6,CONFIG_IP6_NF_TARGET_REJECT, $(P_V6)ip6t_REJECT))
+# ipv6 extra
+$(eval $(call nf_add,IPT_IPV6_EXTRA,CONFIG_IP6_NF_MATCH_IPV6HEADER, $(P_V6)ip6t_ipv6header))
+$(eval $(call nf_add,IPT_IPV6_EXTRA,CONFIG_IP6_NF_MATCH_AH, $(P_V6)ip6t_ah))
+$(eval $(call nf_add,IPT_IPV6_EXTRA,CONFIG_IP6_NF_MATCH_MH, $(P_V6)ip6t_mh))
+$(eval $(call nf_add,IPT_IPV6_EXTRA,CONFIG_IP6_NF_MATCH_EUI64, $(P_V6)ip6t_eui64))
+$(eval $(call nf_add,IPT_IPV6_EXTRA,CONFIG_IP6_NF_MATCH_OPTS, $(P_V6)ip6t_hbh))
+$(eval $(call nf_add,IPT_IPV6_EXTRA,CONFIG_IP6_NF_MATCH_FRAG, $(P_V6)ip6t_frag))
+$(eval $(call nf_add,IPT_IPV6_EXTRA,CONFIG_IP6_NF_MATCH_RT, $(P_V6)ip6t_rt))
+
# nat
# kernel only
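Review bot: The new `# ipv6 extra` block does not say that these matches are no longer part of `IPT_IPV6`, so a rule set using `-m rt`, `-m frag`, `-m hbh` or `-m ipv6header` will presumably stop loading on an image built from the default package set after an upgrade. How a failed rule is handled depends on the firewall loader, which is not visible here, but a dropped extension-header filter rule is the kind of failure that can go unnoticed. I would expand the comment to `# ipv6 extra: extension-header matches (ah, eui64, frag, hbh, ipv6header, mh, rt); rules using them need kmod-ip6tables-extra and ip6tables-extra`. The upgrade impact also deserves a mention in the commit message or release notes.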
diff --git a/package/kernel/linux/modules/netfilter.mk b/package/kernel/linux/modules/netfilter.mk
index 974cca717f..316df69f02 100644
--- a/package/kernel/linux/modules/netfilter.mk
+++ b/package/kernel/linux/modules/netfilter.mk
@@ -420,6 +420,21 @@ endef
$(eval $(call KernelPackage,ip6tables))
+define KernelPackage/ip6tables-extra
+ SUBMENU:=$(NF_MENU)
+ TITLE:=Extra IPv6 modules
+ DEPENDS:=+kmod-ip6tables
+ KCONFIG:=$(KCONFIG_IPT_IPV6_EXTRA)
+ FILES:=$(foreach mod,$(IPT_IPV6_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
+ AUTOLOAD:=$(call AutoLoad,43,$(notdir $(IPT_IPV6_EXTRA-m)))
+endef
+
+define KernelPackage/ip6tables-extra/description
+ Netfilter IPv6 extra header matching modules
+endef
+
+$(eval $(call KernelPackage,ip6tables-extra))
+
ARP_MODULES = arp_tables arpt_mangle arptable_filter
define KernelPackage/arptables
SUBMENU:=$(NF_MENU)
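Review bot: The description `Netfilter IPv6 extra header matching modules` does not name the matches the package carries, so someone building a firewall that filters on routing or fragment headers cannot tell from the menu that this is the package they need. I would spell it out as `Netfilter IPv6 extension header matching modules (ah, eui64, frag, hbh, ipv6header, mh, rt)`. The `AUTOLOAD` priority `43` is also unexplained; if it was chosen so the modules load after those of kmod-ip6tables (whose priority is outside this hunk), a one-line comment saying so would help.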
diff --git a/package/network/utils/iptables/Makefile b/package/network/utils/iptables/Makefile
index 48b1879bd3..f6db428bcb 100644
--- a/package/network/utils/iptables/Makefile
+++ b/package/network/utils/iptables/Makefile
@@ -302,6 +302,16 @@ $(call Package/iptables/Default)
endef
+define Package/ip6tables-extra
+$(call Package/iptables/Default)
+ DEPENDS:=ip6tables +kmod-ip6tables-extra
+ TITLE:=IPv6 header matching modules
+endef
+
+define Package/ip6tables-mod-extra/description
+iptables header matching modules for IPv6
+endef
+
define Package/ip6tables-mod-nat
$(call Package/iptables/Default)
DEPENDS:=ip6tables +kmod-ipt-nat6
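Review bot: The description block is defined as `Package/ip6tables-mod-extra/description`, but the package defined just above it is `Package/ip6tables-extra`, and the later `BuildPlugin` line in this file also uses `ip6tables-extra`. The description therefore does not attach to the package, which ships without one. Rename the define to `define Package/ip6tables-extra/description` so the names agree. Alternatively, if the `-mod-` prefix of the neighbouring plugins was intended, rename the package and the `BuildPlugin` call to `ip6tables-mod-extra` instead.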
@@ -459,6 +469,7 @@ $(eval $(call BuildPlugin,iptables-mod-tproxy,$(IPT_TPROXY-m)))
$(eval $(call BuildPlugin,iptables-mod-tee,$(IPT_TEE-m)))
$(eval $(call BuildPlugin,iptables-mod-u32,$(IPT_U32-m)))
$(eval $(call BuildPackage,ip6tables))
+$(eval $(call BuildPlugin,ip6tables-extra,$(IPT_IPV6_EXTRA-m)))
$(eval $(call BuildPlugin,ip6tables-mod-nat,$(IPT_NAT6-m)))
$(eval $(call BuildPackage,libiptc))
$(eval $(call BuildPackage,libip4tc))