aboutsummaryrefslogtreecommitdiffstats
path: root/package/kernel
diff options
context:
space:
mode:
authorFelix Fietkau <nbd@openwrt.org>2014-11-03 22:01:45 +0000
committerFelix Fietkau <nbd@openwrt.org>2014-11-03 22:01:45 +0000
commit224bfe9779e7702748a450cc700742ec065c0fa2 (patch)
tree78f139902a1d4008c5aefc5209b07f749d7d9e62 /package/kernel
parent1b0343012a2aeb8fd6e06fadd79daba7a2db59d9 (diff)
downloadupstream-224bfe9779e7702748a450cc700742ec065c0fa2.tar.gz
upstream-224bfe9779e7702748a450cc700742ec065c0fa2.tar.bz2
upstream-224bfe9779e7702748a450cc700742ec065c0fa2.zip
netfilter: Enable compiling iptables match cluster
This patch adds the userspace and kernelspace for - match NETFILTER_XT_MATCH_CLUSTER This match can be used to deploy gateway and back-end load-sharing clusters. - target IP_NF_TARGET_CLUSTERIP This module allows you to configure a simple cluster of nodes that share a certain IP and MAC address without an explicit load balancer in front of them. Connections are statically distributed between the nodes in this cluster. This is used i.e. by strongswan-ha. Signed-off-by: Christian Scheele <cs@embedd.com> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@43174 3c298f89-4303-0410-b956-a3cf2f4a3e73
Diffstat (limited to 'package/kernel')
-rw-r--r--package/kernel/linux/modules/netfilter.mk48
1 files changed, 48 insertions, 0 deletions
diff --git a/package/kernel/linux/modules/netfilter.mk b/package/kernel/linux/modules/netfilter.mk
index 7621c7f945..2cb769dead 100644
--- a/package/kernel/linux/modules/netfilter.mk
+++ b/package/kernel/linux/modules/netfilter.mk
@@ -496,6 +496,54 @@ endef
$(eval $(call KernelPackage,ipt-iprange))
+define KernelPackage/ipt-cluster
+ TITLE:=Module for matching cluster
+ KCONFIG:=$(KCONFIG_IPT_CLUSTER)
+ FILES:=$(foreach mod,$(IPT_CLUSTER-m),$(LINUX_DIR)/net/$(mod).ko)
+ AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CLUSTER-m)))
+ $(call AddDepends/ipt)
+endef
+
+define KernelPackage/ipt-cluster/description
+ Netfilter (IPv4/IPv6) module for matching cluster
+ This option allows you to build work-load-sharing clusters of
+ network servers/stateful firewalls without having a dedicated
+ load-balancing router/server/switch. Basically, this match returns
+ true when the packet must be handled by this cluster node. Thus,
+ all nodes see all packets and this match decides which node handles
+ what packets. The work-load sharing algorithm is based on source
+ address hashing.
+
+ This module is usable for ipv4 and ipv6.
+
+ To use it also enable iptables-mod-cluster
+
+ see `iptables -m cluster --help` for more information.
+endef
+
+$(eval $(call KernelPackage,ipt-cluster))
+
+define KernelPackage/ipt-clusterip
+ TITLE:=Module for CLUSTERIP
+ KCONFIG:=$(KCONFIG_IPT_CLUSTERIP)
+ FILES:=$(foreach mod,$(IPT_CLUSTERIP-m),$(LINUX_DIR)/net/$(mod).ko)
+ AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CLUSTERIP-m)))
+ $(call AddDepends/ipt,+kmod-nf-conntrack)
+endef
+
+define KernelPackage/ipt-clusterip/description
+ Netfilter (IPv4-only) module for CLUSTERIP
+ The CLUSTERIP target allows you to build load-balancing clusters of
+ network servers without having a dedicated load-balancing
+ router/server/switch.
+
+ To use it also enable iptables-mod-clusterip
+
+ see `iptables -j CLUSTERIP --help` for more information.
+endef
+
+$(eval $(call KernelPackage,ipt-clusterip))
+
define KernelPackage/ipt-extra
TITLE:=Extra modules