[OpenWrt-Devel] [PATCH v2] netfilter: add bpf match support
Alin Nastac
alin.nastac at gmail.com
Mon Jun 25 04:22:21 EDT 2018
From: Alin Nastac <alin.nastac at gmail.com>
Add xt_bpf modules to {kmod-ipt,iptables-mod}-filter.
Match using Linux Socket Filter. Expects a BPF program in decimal
format. This is the format generated by the nfbpf_compile utility.
Signed-off-by: Alin Nastac <alin.nastac at gmail.com>
---
include/netfilter.mk | 1 +
package/kernel/linux/modules/netfilter.mk | 1 +
package/network/utils/iptables/Makefile | 1 +
3 files changed, 3 insertions(+)
diff --git a/include/netfilter.mk b/include/netfilter.mk
index 5d532ce..510aa18 100644
--- a/include/netfilter.mk
+++ b/include/netfilter.mk
@@ -106,6 +106,7 @@ $(eval $(call nf_add,IPT_PHYSDEV,CONFIG_NETFILTER_XT_MATCH_PHYSDEV, $(P_XT)xt_ph
# filter
$(eval $(call nf_add,IPT_FILTER,CONFIG_NETFILTER_XT_MATCH_STRING, $(P_XT)xt_string))
+$(eval $(call nf_add,IPT_FILTER,CONFIG_NETFILTER_XT_MATCH_BPF, $(P_XT)xt_bpf))
# ipopt
diff --git a/package/kernel/linux/modules/netfilter.mk b/package/kernel/linux/modules/netfilter.mk
index 51f3544..be469fa 100644
--- a/package/kernel/linux/modules/netfilter.mk
+++ b/package/kernel/linux/modules/netfilter.mk
@@ -237,6 +237,7 @@ define KernelPackage/ipt-filter/description
Netfilter (IPv4) kernel modules for packet content inspection
Includes:
- string
+ - bpf
endef
$(eval $(call KernelPackage,ipt-filter))
diff --git a/package/network/utils/iptables/Makefile b/package/network/utils/iptables/Makefile
index 44e24b2..1bc771b 100644
--- a/package/network/utils/iptables/Makefile
+++ b/package/network/utils/iptables/Makefile
@@ -150,6 +150,7 @@ Includes support for:
Matches:
- string
+ - bpf
endef
--
2.7.4
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/listinfo/openwrt-devel
More information about the openwrt-devel
mailing list