diff options
author | Felix Fietkau <nbd@openwrt.org> | 2014-06-02 18:13:38 +0000 |
---|---|---|
committer | Felix Fietkau <nbd@openwrt.org> | 2014-06-02 18:13:38 +0000 |
commit | 4b241e98270ab83dcae8e678ee8066d65fdb44eb (patch) | |
tree | e0925d805f41e08ab0864e247bb2485362095e38 | |
parent | ae2c9a815a54a0d6e38e084a43d12476bfd265c6 (diff) | |
download | upstream-4b241e98270ab83dcae8e678ee8066d65fdb44eb.tar.gz upstream-4b241e98270ab83dcae8e678ee8066d65fdb44eb.tar.bz2 upstream-4b241e98270ab83dcae8e678ee8066d65fdb44eb.zip |
netfilter: split off header matching modules not used by the default config (reduces rootfs size and memory usage)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 40983
-rw-r--r-- | include/netfilter.mk | 16 | ||||
-rw-r--r-- | package/kernel/linux/modules/netfilter.mk | 15 | ||||
-rw-r--r-- | package/network/utils/iptables/Makefile | 11 |
3 files changed, 35 insertions, 7 deletions
diff --git a/include/netfilter.mk b/include/netfilter.mk index 1ecbe02eab..906eb0f085 100644 --- a/include/netfilter.mk +++ b/include/netfilter.mk @@ -143,17 +143,19 @@ $(eval $(if $(NF_KMOD),$(call nf_add,IPT_IPV6,CONFIG_IP6_NF_RAW, $(P_V6)ip6table $(eval $(if $(NF_KMOD),,$(call nf_add,IPT_IPV6,CONFIG_IP6_NF_IPTABLES, ip6t_icmp6))) -$(eval $(call nf_add,IPT_IPV6,CONFIG_IP6_NF_MATCH_AH, $(P_V6)ip6t_ah)) -$(eval $(call nf_add,IPT_IPV6,CONFIG_IP6_NF_MATCH_EUI64, $(P_V6)ip6t_eui64)) -$(eval $(call nf_add,IPT_IPV6,CONFIG_IP6_NF_MATCH_FRAG, $(P_V6)ip6t_frag)) -$(eval $(call nf_add,IPT_IPV6,CONFIG_IP6_NF_MATCH_IPV6HEADER, $(P_V6)ip6t_ipv6header)) -$(eval $(call nf_add,IPT_IPV6,CONFIG_IP6_NF_MATCH_MH, $(P_V6)ip6t_mh)) -$(eval $(call nf_add,IPT_IPV6,CONFIG_IP6_NF_MATCH_OPTS, $(P_V6)ip6t_hbh)) -$(eval $(call nf_add,IPT_IPV6,CONFIG_IP6_NF_MATCH_RT, $(P_V6)ip6t_rt)) $(eval $(call nf_add,IPT_IPV6,CONFIG_IP6_NF_TARGET_LOG, $(P_V6)ip6t_LOG)) $(eval $(call nf_add,IPT_IPV6,CONFIG_IP6_NF_TARGET_REJECT, $(P_V6)ip6t_REJECT)) +# ipv6 extra +$(eval $(call nf_add,IPT_IPV6_EXTRA,CONFIG_IP6_NF_MATCH_IPV6HEADER, $(P_V6)ip6t_ipv6header)) +$(eval $(call nf_add,IPT_IPV6_EXTRA,CONFIG_IP6_NF_MATCH_AH, $(P_V6)ip6t_ah)) +$(eval $(call nf_add,IPT_IPV6_EXTRA,CONFIG_IP6_NF_MATCH_MH, $(P_V6)ip6t_mh)) +$(eval $(call nf_add,IPT_IPV6_EXTRA,CONFIG_IP6_NF_MATCH_EUI64, $(P_V6)ip6t_eui64)) +$(eval $(call nf_add,IPT_IPV6_EXTRA,CONFIG_IP6_NF_MATCH_OPTS, $(P_V6)ip6t_hbh)) +$(eval $(call nf_add,IPT_IPV6_EXTRA,CONFIG_IP6_NF_MATCH_FRAG, $(P_V6)ip6t_frag)) +$(eval $(call nf_add,IPT_IPV6_EXTRA,CONFIG_IP6_NF_MATCH_RT, $(P_V6)ip6t_rt)) + # nat # kernel only diff --git a/package/kernel/linux/modules/netfilter.mk b/package/kernel/linux/modules/netfilter.mk index 974cca717f..316df69f02 100644 --- a/package/kernel/linux/modules/netfilter.mk +++ b/package/kernel/linux/modules/netfilter.mk @@ -420,6 +420,21 @@ endef $(eval $(call KernelPackage,ip6tables)) +define KernelPackage/ip6tables-extra + SUBMENU:=$(NF_MENU) + TITLE:=Extra IPv6 modules + DEPENDS:=+kmod-ip6tables + KCONFIG:=$(KCONFIG_IPT_IPV6_EXTRA) + FILES:=$(foreach mod,$(IPT_IPV6_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko) + AUTOLOAD:=$(call AutoLoad,43,$(notdir $(IPT_IPV6_EXTRA-m))) +endef + +define KernelPackage/ip6tables-extra/description + Netfilter IPv6 extra header matching modules +endef + +$(eval $(call KernelPackage,ip6tables-extra)) + ARP_MODULES = arp_tables arpt_mangle arptable_filter define KernelPackage/arptables SUBMENU:=$(NF_MENU) diff --git a/package/network/utils/iptables/Makefile b/package/network/utils/iptables/Makefile index 48b1879bd3..f6db428bcb 100644 --- a/package/network/utils/iptables/Makefile +++ b/package/network/utils/iptables/Makefile @@ -302,6 +302,16 @@ $(call Package/iptables/Default) endef +define Package/ip6tables-extra +$(call Package/iptables/Default) + DEPENDS:=ip6tables +kmod-ip6tables-extra + TITLE:=IPv6 header matching modules +endef + +define Package/ip6tables-mod-extra/description +iptables header matching modules for IPv6 +endef + define Package/ip6tables-mod-nat $(call Package/iptables/Default) DEPENDS:=ip6tables +kmod-ipt-nat6 @@ -459,6 +469,7 @@ $(eval $(call BuildPlugin,iptables-mod-tproxy,$(IPT_TPROXY-m))) $(eval $(call BuildPlugin,iptables-mod-tee,$(IPT_TEE-m))) $(eval $(call BuildPlugin,iptables-mod-u32,$(IPT_U32-m))) $(eval $(call BuildPackage,ip6tables)) +$(eval $(call BuildPlugin,ip6tables-extra,$(IPT_IPV6_EXTRA-m))) $(eval $(call BuildPlugin,ip6tables-mod-nat,$(IPT_NAT6-m))) $(eval $(call BuildPackage,libiptc)) $(eval $(call BuildPackage,libip4tc)) |