[source] kernel: netfilter: split out iptable_raw into a separate package
LEDE Commits
lede-commits at lists.infradead.org
Wed Dec 14 03:14:00 PST 2016
nbd pushed a commit to source.git, branch master:
https://git.lede-project.org/970dd4dd58c1f1c1b4cde69a732483aacdc0236a
commit 970dd4dd58c1f1c1b4cde69a732483aacdc0236a
Author: Felix Fietkau <nbd at nbd.name>
AuthorDate: Tue Dec 13 14:54:55 2016 +0100
kernel: netfilter: split out iptable_raw into a separate package
This will avoid loading it in the default configuration, which reduces
image size a bit, and (more importantly) improves performance by
avoiding some unnecessary netfilter hooks
Signed-off-by: Felix Fietkau <nbd at nbd.name>
---
include/netfilter.mk | 2 --
package/kernel/linux/modules/netfilter.mk | 22 ++++++++++++++++++++++
2 files changed, 22 insertions(+), 2 deletions(-)
diff --git a/include/netfilter.mk b/include/netfilter.mk
index a4e495e..c408ac6 100644
--- a/include/netfilter.mk
+++ b/include/netfilter.mk
@@ -71,7 +71,6 @@ $(eval $(if $(NF_KMOD),$(call nf_add,NF_CONNTRACK,CONFIG_NF_DEFRAG_IPV4, $(P_V4)
$(eval $(if $(NF_KMOD),$(call nf_add,NF_CONNTRACK,CONFIG_NF_CONNTRACK_IPV4, $(P_V4)nf_conntrack_ipv4),))
$(eval $(call nf_add,IPT_CONNTRACK,CONFIG_NETFILTER_XT_MATCH_STATE, $(P_XT)xt_state))
-$(eval $(call nf_add,IPT_CONNTRACK,CONFIG_IP_NF_RAW, $(P_V4)iptable_raw))
$(eval $(call nf_add,IPT_CONNTRACK,CONFIG_NETFILTER_XT_TARGET_CT, $(P_XT)xt_CT))
$(eval $(call nf_add,IPT_CONNTRACK,CONFIG_NETFILTER_XT_MATCH_CONNTRACK, $(P_XT)xt_conntrack))
@@ -150,7 +149,6 @@ $(eval $(if $(NF_KMOD),$(call nf_add,NF_CONNTRACK6,CONFIG_NF_CONNTRACK_IPV6, $(P
$(eval $(if $(NF_KMOD),$(call nf_add,IPT_IPV6,CONFIG_IP6_NF_FILTER, $(P_V6)ip6table_filter),))
$(eval $(if $(NF_KMOD),$(call nf_add,IPT_IPV6,CONFIG_IP6_NF_MANGLE, $(P_V6)ip6table_mangle),))
$(eval $(if $(NF_KMOD),$(call nf_add,IPT_IPV6,CONFIG_IP6_NF_QUEUE, $(P_V6)ip6_queue),))
-$(eval $(if $(NF_KMOD),$(call nf_add,IPT_IPV6,CONFIG_IP6_NF_RAW, $(P_V6)ip6table_raw),))
$(eval $(if $(NF_KMOD),$(call nf_add,IPT_IPV6,CONFIG_NF_LOG_IPV6, $(P_V6)nf_log_ipv6),))
$(eval $(if $(NF_KMOD),,$(call nf_add,IPT_IPV6,CONFIG_IP6_NF_IPTABLES, ip6t_icmp6)))
diff --git a/package/kernel/linux/modules/netfilter.mk b/package/kernel/linux/modules/netfilter.mk
index c21f58d..bc2f349 100644
--- a/package/kernel/linux/modules/netfilter.mk
+++ b/package/kernel/linux/modules/netfilter.mk
@@ -289,6 +289,28 @@ endef
$(eval $(call KernelPackage,ipt-nat))
+define KernelPackage/ipt-raw
+ TITLE:=Netfilter IPv4 raw table support
+ KCONFIG:=CONFIG_IP_NF_RAW
+ FILES:=$(LINUX_DIR)/net/ipv4/netfilter/iptable_raw.ko
+ AUTOLOAD:=$(call AutoProbe,iptable_raw)
+ $(call AddDepends/ipt)
+endef
+
+$(eval $(call KernelPackage,ipt-raw))
+
+
+define KernelPackage/ipt-raw6
+ TITLE:=Netfilter IPv6 raw table support
+ KCONFIG:=CONFIG_IP6_NF_RAW
+ FILES:=$(LINUX_DIR)/net/ipv6/netfilter/ip6table_raw.ko
+ AUTOLOAD:=$(call AutoProbe,ip6table_raw)
+ $(call AddDepends/ipt,+kmod-ip6tables)
+endef
+
+$(eval $(call KernelPackage,ipt-raw6))
+
+
define KernelPackage/ipt-nat6
TITLE:=IPv6 NAT targets
KCONFIG:=$(KCONFIG_IPT_NAT6)
More information about the lede-commits
mailing list