[openwrt/openwrt] netfilter: add packages for arp and bridge tables of nftables
LEDE Commits
lede-commits at lists.infradead.org
Wed Jan 31 04:53:37 PST 2018
neoraider pushed a commit to openwrt/openwrt.git, branch master:
https://git.lede-project.org/352c74fcb416b98e2dd44be3881fe5a48be0e71d
commit 352c74fcb416b98e2dd44be3881fe5a48be0e71d
Author: Matthias Schiffer <mschiffer at universe-factory.net>
AuthorDate: Thu Jan 25 19:31:40 2018 +0100
netfilter: add packages for arp and bridge tables of nftables
Signed-off-by: Matthias Schiffer <mschiffer at universe-factory.net>
---
include/netfilter.mk | 12 ++++++++++--
package/kernel/linux/modules/netfilter.mk | 28 ++++++++++++++++++++++++++--
2 files changed, 36 insertions(+), 4 deletions(-)
diff --git a/include/netfilter.mk b/include/netfilter.mk
index e054f6f..c99b6fb 100644
--- a/include/netfilter.mk
+++ b/include/netfilter.mk
@@ -340,15 +340,23 @@ $(eval $(if $(NF_KMOD),$(call nf_add,NFT_CORE,CONFIG_NFT_CHAIN_ROUTE_IPV6, $(P_V
$(eval $(if $(NF_KMOD),$(call nf_add,NFT_CORE,CONFIG_NFT_REDIR, $(P_XT)nft_redir, ge 3.19.0),))
$(eval $(if $(NF_KMOD),$(call nf_add,NFT_CORE,CONFIG_NFT_QUOTA, $(P_XT)nft_quota, ge 4.9.0),))
+$(eval $(if $(NF_KMOD),$(call nf_add,NFT_ARP,CONFIG_NF_TABLES_ARP, $(P_V4)nf_tables_arp),))
+
+$(eval $(if $(NF_KMOD),$(call nf_add,NFT_BRIDGE,CONFIG_NF_TABLES_BRIDGE, $(P_EBT)nf_tables_bridge),))
+$(eval $(if $(NF_KMOD),$(call nf_add,NFT_BRIDGE,CONFIG_NFT_BRIDGE_META, $(P_EBT)nft_meta_bridge),))
+$(eval $(if $(NF_KMOD),$(call nf_add,NFT_BRIDGE,CONFIG_NFT_BRIDGE_REJECT, $(P_EBT)nft_reject_bridge),))
+
$(eval $(if $(NF_KMOD),$(call nf_add,NFT_NAT,CONFIG_NFT_NAT, $(P_XT)nft_nat),))
$(eval $(if $(NF_KMOD),$(call nf_add,NFT_NAT,CONFIG_NFT_CHAIN_NAT_IPV4, $(P_V4)nft_chain_nat_ipv4),))
$(eval $(if $(NF_KMOD),$(call nf_add,NFT_NAT,CONFIG_NFT_REDIR_IPV4, $(P_V4)nft_redir_ipv4, ge 3.19.0),))
-$(eval $(if $(NF_KMOD),$(call nf_add,NFT_NAT6,CONFIG_NFT_REDIR_IPV6, $(P_V6)nft_redir_ipv6, ge 3.19.0),))
-$(eval $(if $(NF_KMOD),$(call nf_add,NFT_NAT6,CONFIG_NFT_CHAIN_NAT_IPV6, $(P_V6)nft_chain_nat_ipv6),))
$(eval $(if $(NF_KMOD),$(call nf_add,NFT_NAT,CONFIG_NFT_MASQ, $(P_XT)nft_masq),))
$(eval $(if $(NF_KMOD),$(call nf_add,NFT_NAT,CONFIG_NFT_MASQ_IPV4, $(P_V4)nft_masq_ipv4),))
+
+$(eval $(if $(NF_KMOD),$(call nf_add,NFT_NAT6,CONFIG_NFT_REDIR_IPV6, $(P_V6)nft_redir_ipv6, ge 3.19.0),))
+$(eval $(if $(NF_KMOD),$(call nf_add,NFT_NAT6,CONFIG_NFT_CHAIN_NAT_IPV6, $(P_V6)nft_chain_nat_ipv6),))
$(eval $(if $(NF_KMOD),$(call nf_add,NFT_NAT6,CONFIG_NFT_MASQ_IPV6, $(P_V6)nft_masq_ipv6),))
+
# userland only
IPT_BUILTIN += $(NF_IPT-y) $(NF_IPT-m)
IPT_BUILTIN += $(IPT_CORE-y) $(IPT_CORE-m)
diff --git a/package/kernel/linux/modules/netfilter.mk b/package/kernel/linux/modules/netfilter.mk
index 410031b..ca34271 100644
--- a/package/kernel/linux/modules/netfilter.mk
+++ b/package/kernel/linux/modules/netfilter.mk
@@ -907,8 +907,6 @@ define KernelPackage/nft-core
KCONFIG:= \
CONFIG_NFT_COMPAT=n \
CONFIG_NFT_QUEUE=n \
- CONFIG_NF_TABLES_ARP=n \
- CONFIG_NF_TABLES_BRIDGE=n \
$(KCONFIG_NFT_CORE)
endef
@@ -919,6 +917,32 @@ endef
$(eval $(call KernelPackage,nft-core))
+define KernelPackage/nft-arp
+ SUBMENU:=$(NF_MENU)
+ TITLE:=Netfilter nf_tables ARP table support
+ DEPENDS:=+kmod-nft-core
+ FILES:=$(foreach mod,$(NFT_ARP-m),$(LINUX_DIR)/net/$(mod).ko)
+ AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_ARP-m)))
+ KCONFIG:=$(KCONFIG_NFT_ARP)
+endef
+
+$(eval $(call KernelPackage,nft-arp))
+
+
+define KernelPackage/nft-bridge
+ SUBMENU:=$(NF_MENU)
+ TITLE:=Netfilter nf_tables bridge table support
+ DEPENDS:=+kmod-nft-core
+ FILES:=$(foreach mod,$(NFT_BRIDGE-m),$(LINUX_DIR)/net/$(mod).ko)
+ AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_BRIDGE-m)))
+ KCONFIG:= \
+ CONFIG_NF_LOG_BRIDGE=n \
+ $(KCONFIG_NFT_BRIDGE)
+endef
+
+$(eval $(call KernelPackage,nft-bridge))
+
+
define KernelPackage/nft-nat
SUBMENU:=$(NF_MENU)
TITLE:=Netfilter nf_tables NAT support
More information about the lede-commits
mailing list