aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAlin Nastac <alin.nastac@gmail.com>2018-06-25 10:22:21 +0200
committerJo-Philipp Wich <jo@mein.io>2018-12-18 09:44:01 +0100
commit7408cdaa310fe75a6da3d4de165d84fcde123c62 (patch)
tree29e7247935df20f2330bbd127f81edb0bcf36e9a
parent9f8f5d4d142ad14d9ed68f79e051d8007fb2ef89 (diff)
downloadupstream-7408cdaa310fe75a6da3d4de165d84fcde123c62.tar.gz
upstream-7408cdaa310fe75a6da3d4de165d84fcde123c62.tar.bz2
upstream-7408cdaa310fe75a6da3d4de165d84fcde123c62.zip
netfilter: add bpf match support
Add xt_bpf modules to {kmod-ipt,iptables-mod}-filter. Match using Linux Socket Filter. Expects a BPF program in decimal format. This is the format generated by the nfbpf_compile utility. Signed-off-by: Alin Nastac <alin.nastac@gmail.com> (backported from ab07ae2f27dd920cb7ba186d9f7ad2ccb1c980c4)
-rw-r--r--include/netfilter.mk1
-rw-r--r--package/kernel/linux/modules/netfilter.mk1
-rw-r--r--package/network/utils/iptables/Makefile1
3 files changed, 3 insertions, 0 deletions
diff --git a/include/netfilter.mk b/include/netfilter.mk
index 5d532cea5b..510aa183ca 100644
--- a/include/netfilter.mk
+++ b/include/netfilter.mk
@@ -106,6 +106,7 @@ $(eval $(call nf_add,IPT_PHYSDEV,CONFIG_NETFILTER_XT_MATCH_PHYSDEV, $(P_XT)xt_ph
# filter
$(eval $(call nf_add,IPT_FILTER,CONFIG_NETFILTER_XT_MATCH_STRING, $(P_XT)xt_string))
+$(eval $(call nf_add,IPT_FILTER,CONFIG_NETFILTER_XT_MATCH_BPF, $(P_XT)xt_bpf))
# ipopt
diff --git a/package/kernel/linux/modules/netfilter.mk b/package/kernel/linux/modules/netfilter.mk
index 55226bf629..3d01ccecf8 100644
--- a/package/kernel/linux/modules/netfilter.mk
+++ b/package/kernel/linux/modules/netfilter.mk
@@ -237,6 +237,7 @@ define KernelPackage/ipt-filter/description
Netfilter (IPv4) kernel modules for packet content inspection
Includes:
- string
+ - bpf
endef
$(eval $(call KernelPackage,ipt-filter))
diff --git a/package/network/utils/iptables/Makefile b/package/network/utils/iptables/Makefile
index 1d758ed07d..9c7179c51d 100644
--- a/package/network/utils/iptables/Makefile
+++ b/package/network/utils/iptables/Makefile
@@ -150,6 +150,7 @@ Includes support for:
Matches:
- string
+ - bpf
endef