Skip to content

Commit

Permalink
netfilter: separate packages for kmod-ipt-socket and kmod-ipt-tproxy
Browse files Browse the repository at this point in the history 
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
  • Loading branch information
@yousong
yousong committed Feb 28, 2022
1 parent 9c335ac commit 4f443c8
Show file tree
Hide file tree
Showing 2 changed files with 45 additions and 7 deletions.
13 changes: 7 additions & 6 deletions include/netfilter.mk
View file
Original file line number Diff line number Diff line change
Expand Up @@ -239,14 +239,15 @@ $(eval $(call nf_add,IPT_NFQUEUE,CONFIG_NETFILTER_XT_TARGET_NFQUEUE, $(P_XT)xt_N

$(eval $(call nf_add,IPT_DEBUG,CONFIG_NETFILTER_XT_TARGET_TRACE, $(P_XT)xt_TRACE))

# tproxy
# socket
$(eval $(call nf_add,NF_SOCKET,CONFIG_NF_SOCKET_IPV4, $(P_V4)nf_socket_ipv4))
$(eval $(call nf_add,NF_SOCKET,CONFIG_NF_SOCKET_IPV6, $(P_V6)nf_socket_ipv6))
$(eval $(call nf_add,IPT_SOCKET,CONFIG_NETFILTER_XT_MATCH_SOCKET, $(P_XT)xt_socket))

$(eval $(call nf_add,IPT_TPROXY,CONFIG_NETFILTER_XT_MATCH_SOCKET, $(P_XT)xt_socket))
$(eval $(call nf_add,IPT_TPROXY,CONFIG_NF_SOCKET_IPV4, $(P_V4)nf_socket_ipv4))
$(eval $(call nf_add,IPT_TPROXY,CONFIG_NF_SOCKET_IPV6, $(P_V6)nf_socket_ipv6))
# tproxy
$(eval $(call nf_add,NF_TPROXY,CONFIG_NF_TPROXY_IPV4, $(P_V4)nf_tproxy_ipv4))
$(eval $(call nf_add,NF_TPROXY,CONFIG_NF_TPROXY_IPV6, $(P_V6)nf_tproxy_ipv6))
$(eval $(call nf_add,IPT_TPROXY,CONFIG_NETFILTER_XT_TARGET_TPROXY, $(P_XT)xt_TPROXY))
$(eval $(call nf_add,IPT_TPROXY,CONFIG_NF_TPROXY_IPV4, $(P_V4)nf_tproxy_ipv4))
$(eval $(call nf_add,IPT_TPROXY,CONFIG_NF_TPROXY_IPV6, $(P_V6)nf_tproxy_ipv6))

# led
$(eval $(call nf_add,IPT_LED,CONFIG_NETFILTER_XT_TARGET_LED, $(P_XT)xt_LED))
Expand Down
39 changes: 38 additions & 1 deletion package/kernel/linux/modules/netfilter.mk
View file
Original file line number Diff line number Diff line change
Expand Up @@ -162,6 +162,28 @@ endef
$(eval $(call KernelPackage,nf-flow))


define KernelPackage/nf-socket
SUBMENU:=$(NF_MENU)
TITLE:=Netfilter socket lookup support
KCONFIG:= $(KCOFNIG_NF_SOCKET)
FILES:=$(foreach mod,$(NF_SOCKET-m),$(LINUX_DIR)/net/$(mod).ko)
AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_SOCKET-m)))
endef

$(eval $(call KernelPackage,nf-socket))


define KernelPackage/nf-tproxy
SUBMENU:=$(NF_MENU)
TITLE:=Netfilter tproxy support
KCONFIG:= $(KCOFNIG_NF_TPROXY)
FILES:=$(foreach mod,$(NF_TPROXY-m),$(LINUX_DIR)/net/$(mod).ko)
AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_TPROXY-m)))
endef

$(eval $(call KernelPackage,nf-tproxy))


define AddDepends/ipt
SUBMENU:=$(NF_MENU)
DEPENDS+= +kmod-ipt-core $(1)
Expand Down Expand Up @@ -645,9 +667,24 @@ endef

$(eval $(call KernelPackage,ipt-led))

define KernelPackage/ipt-socket
TITLE:=Iptables socket matching support
DEPENDS+=+kmod-nf-socket +kmod-nf-conntrack
KCONFIG:=$(KCONFIG_IPT_SOCKET)
FILES:=$(foreach mod,$(IPT_SOCKET-m),$(LINUX_DIR)/net/$(mod).ko)
AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_SOCKET-m)))
$(call AddDepends/ipt)
endef

define KernelPackage/ipt-socket/description
Kernel modules for socket matching
endef

$(eval $(call KernelPackage,ipt-socket))

define KernelPackage/ipt-tproxy
TITLE:=Transparent proxying support
DEPENDS+=+kmod-ipt-conntrack +IPV6:kmod-nf-conntrack6 +IPV6:kmod-ip6tables
DEPENDS+=+kmod-nf-tproxy +kmod-nf-conntrack
KCONFIG:=$(KCONFIG_IPT_TPROXY)
FILES:=$(foreach mod,$(IPT_TPROXY-m),$(LINUX_DIR)/net/$(mod).ko)
AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_TPROXY-m)))
Expand Down

0 comments on commit 4f443c8

Please sign in to comment.