aboutsummaryrefslogtreecommitdiffstats
path: root/package/kernel
diff options
context:
space:
mode:
authorFelix Fietkau <nbd@nbd.name>2018-02-05 13:35:24 +0100
committerFelix Fietkau <nbd@nbd.name>2018-02-21 20:12:42 +0100
commit103335644265d96c656a7de3d5994fbd11246300 (patch)
tree2b19dea75e812b8240d6a458f0ed6dd22a8148b2 /package/kernel
parentb7265c59ab7dd0ec5dccb96e7b0dc1432404feb7 (diff)
downloadupstream-103335644265d96c656a7de3d5994fbd11246300.tar.gz
upstream-103335644265d96c656a7de3d5994fbd11246300.tar.bz2
upstream-103335644265d96c656a7de3d5994fbd11246300.zip
kernel: backport netfilter NAT offload support to 4.14
This only works with nftables for now, iptables support will be added later. Includes a number of related upstream nftables improvements to simplify backporting follow-up changes Signed-off-by: John Crispin <john@phrozen.org> Signed-off-by: Felix Fietkau <nbd@nbd.name>
Diffstat (limited to 'package/kernel')
-rw-r--r--package/kernel/linux/modules/netfilter.mk37
1 files changed, 37 insertions, 0 deletions
diff --git a/package/kernel/linux/modules/netfilter.mk b/package/kernel/linux/modules/netfilter.mk
index 82d5604841..57d68d4a55 100644
--- a/package/kernel/linux/modules/netfilter.mk
+++ b/package/kernel/linux/modules/netfilter.mk
@@ -140,6 +140,23 @@ endef
$(eval $(call KernelPackage,nf-nat6))
+define KernelPackage/nf-flow
+ SUBMENU:=$(NF_MENU)
+ TITLE:=Netfilter flowtable support
+ KCONFIG:= \
+ CONFIG_NETFILTER_INGRESS=y \
+ CONFIG_NF_FLOW_TABLE \
+ CONFIG_NF_FLOW_TABLE_HW
+ DEPENDS:=+kmod-nf-conntrack +kmod-nft-core @!LINUX_3_18 @!LINUX_4_4 @!LINUX_4_9
+ FILES:= \
+ $(LINUX_DIR)/net/netfilter/nf_flow_table.ko \
+ $(LINUX_DIR)/net/netfilter/nf_flow_table_hw.ko
+ AUTOLOAD:=$(call AutoProbe,nf_flow_table nf_flow_table_hw)
+endef
+
+$(eval $(call KernelPackage,nf-flow))
+
+
define AddDepends/ipt
SUBMENU:=$(NF_MENU)
DEPENDS+= +kmod-ipt-core $(1)
@@ -970,6 +987,26 @@ endef
$(eval $(call KernelPackage,nft-nat))
+define KernelPackage/nft-offload
+ SUBMENU:=$(NF_MENU)
+ TITLE:=Netfilter nf_tables routing/NAT offload support
+ DEPENDS:=+kmod-nf-flow +kmod-nft-nat
+ KCONFIG:= \
+ CONFIG_NF_FLOW_TABLE_INET \
+ CONFIG_NF_FLOW_TABLE_IPV4 \
+ CONFIG_NF_FLOW_TABLE_IPV6 \
+ CONFIG_NFT_FLOW_OFFLOAD
+ FILES:= \
+ $(LINUX_DIR)/net/netfilter/nf_flow_table_inet.ko \
+ $(LINUX_DIR)/net/ipv4/netfilter/nf_flow_table_ipv4.ko \
+ $(LINUX_DIR)/net/ipv6/netfilter/nf_flow_table_ipv6.ko \
+ $(LINUX_DIR)/net/netfilter/nft_flow_offload.ko
+ AUTOLOAD:=$(call AutoProbe,nf_flow_table_inet nf_flow_table_ipv4 nf_flow_table_ipv6 nft_flow_offload)
+endef
+
+$(eval $(call KernelPackage,nft-offload))
+
+
define KernelPackage/nft-nat6
SUBMENU:=$(NF_MENU)
TITLE:=Netfilter nf_tables IPv6-NAT support