[PATCH 1/3] netfilter: separate packages for kmod-ipt-socket and kmod-ipt-tproxy
Yousong Zhou
yszhou4tech at gmail.com
Thu Feb 24 19:09:53 PST 2022
Signed-off-by: Yousong Zhou <yszhou4tech at gmail.com>
---
include/netfilter.mk | 13 ++++----
package/kernel/linux/modules/netfilter.mk | 39 ++++++++++++++++++++++-
2 files changed, 45 insertions(+), 7 deletions(-)
diff --git a/include/netfilter.mk b/include/netfilter.mk
index 4602a1d412..751fabef19 100644
--- a/include/netfilter.mk
+++ b/include/netfilter.mk
@@ -239,14 +239,15 @@ $(eval $(call nf_add,IPT_NFQUEUE,CONFIG_NETFILTER_XT_TARGET_NFQUEUE, $(P_XT)xt_N
$(eval $(call nf_add,IPT_DEBUG,CONFIG_NETFILTER_XT_TARGET_TRACE, $(P_XT)xt_TRACE))
-# tproxy
+# socket
+$(eval $(call nf_add,NF_SOCKET,CONFIG_NF_SOCKET_IPV4, $(P_V4)nf_socket_ipv4))
+$(eval $(call nf_add,NF_SOCKET,CONFIG_NF_SOCKET_IPV6, $(P_V6)nf_socket_ipv6))
+$(eval $(call nf_add,IPT_SOCKET,CONFIG_NETFILTER_XT_MATCH_SOCKET, $(P_XT)xt_socket))
-$(eval $(call nf_add,IPT_TPROXY,CONFIG_NETFILTER_XT_MATCH_SOCKET, $(P_XT)xt_socket))
-$(eval $(call nf_add,IPT_TPROXY,CONFIG_NF_SOCKET_IPV4, $(P_V4)nf_socket_ipv4))
-$(eval $(call nf_add,IPT_TPROXY,CONFIG_NF_SOCKET_IPV6, $(P_V6)nf_socket_ipv6))
+# tproxy
+$(eval $(call nf_add,NF_TPROXY,CONFIG_NF_TPROXY_IPV4, $(P_V4)nf_tproxy_ipv4))
+$(eval $(call nf_add,NF_TPROXY,CONFIG_NF_TPROXY_IPV6, $(P_V6)nf_tproxy_ipv6))
$(eval $(call nf_add,IPT_TPROXY,CONFIG_NETFILTER_XT_TARGET_TPROXY, $(P_XT)xt_TPROXY))
-$(eval $(call nf_add,IPT_TPROXY,CONFIG_NF_TPROXY_IPV4, $(P_V4)nf_tproxy_ipv4))
-$(eval $(call nf_add,IPT_TPROXY,CONFIG_NF_TPROXY_IPV6, $(P_V6)nf_tproxy_ipv6))
# led
$(eval $(call nf_add,IPT_LED,CONFIG_NETFILTER_XT_TARGET_LED, $(P_XT)xt_LED))
diff --git a/package/kernel/linux/modules/netfilter.mk b/package/kernel/linux/modules/netfilter.mk
index 75a06fb651..85780306f3 100644
--- a/package/kernel/linux/modules/netfilter.mk
+++ b/package/kernel/linux/modules/netfilter.mk
@@ -162,6 +162,28 @@ endef
$(eval $(call KernelPackage,nf-flow))
+define KernelPackage/nf-socket
+ SUBMENU:=$(NF_MENU)
+ TITLE:=Netfilter socket lookup support
+ KCONFIG:= $(KCOFNIG_NF_SOCKET)
+ FILES:=$(foreach mod,$(NF_SOCKET-m),$(LINUX_DIR)/net/$(mod).ko)
+ AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_SOCKET-m)))
+endef
+
+$(eval $(call KernelPackage,nf-socket))
+
+
+define KernelPackage/nf-tproxy
+ SUBMENU:=$(NF_MENU)
+ TITLE:=Netfilter tproxy support
+ KCONFIG:= $(KCOFNIG_NF_TPROXY)
+ FILES:=$(foreach mod,$(NF_TPROXY-m),$(LINUX_DIR)/net/$(mod).ko)
+ AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_TPROXY-m)))
+endef
+
+$(eval $(call KernelPackage,nf-tproxy))
+
+
define AddDepends/ipt
SUBMENU:=$(NF_MENU)
DEPENDS+= +kmod-ipt-core $(1)
@@ -645,9 +667,24 @@ endef
$(eval $(call KernelPackage,ipt-led))
+define KernelPackage/ipt-socket
+ TITLE:=Iptables socket matching support
+ DEPENDS+=+kmod-nf-socket +kmod-nf-conntrack
+ KCONFIG:=$(KCONFIG_IPT_SOCKET)
+ FILES:=$(foreach mod,$(IPT_SOCKET-m),$(LINUX_DIR)/net/$(mod).ko)
+ AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_SOCKET-m)))
+ $(call AddDepends/ipt)
+endef
+
+define KernelPackage/ipt-socket/description
+ Kernel modules for socket matching
+endef
+
+$(eval $(call KernelPackage,ipt-socket))
+
define KernelPackage/ipt-tproxy
TITLE:=Transparent proxying support
- DEPENDS+=+kmod-ipt-conntrack +IPV6:kmod-nf-conntrack6 +IPV6:kmod-ip6tables
+ DEPENDS+=+kmod-nf-tproxy +kmod-nf-conntrack
KCONFIG:=$(KCONFIG_IPT_TPROXY)
FILES:=$(foreach mod,$(IPT_TPROXY-m),$(LINUX_DIR)/net/$(mod).ko)
AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_TPROXY-m)))
More information about the openwrt-devel
mailing list