From 352c74fcb416b98e2dd44be3881fe5a48be0e71d Mon Sep 17 00:00:00 2001 From: Matthias Schiffer Date: Thu, 25 Jan 2018 19:31:40 +0100 Subject: [PATCH] netfilter: add packages for arp and bridge tables of nftables Signed-off-by: Matthias Schiffer --- include/netfilter.mk | 12 ++++++++-- package/kernel/linux/modules/netfilter.mk | 28 +++++++++++++++++++++-- 2 files changed, 36 insertions(+), 4 deletions(-) diff --git a/include/netfilter.mk b/include/netfilter.mk index e054f6fed0..c99b6fb3f7 100644 --- a/include/netfilter.mk +++ b/include/netfilter.mk @@ -340,15 +340,23 @@ $(eval $(if $(NF_KMOD),$(call nf_add,NFT_CORE,CONFIG_NFT_CHAIN_ROUTE_IPV6, $(P_V $(eval $(if $(NF_KMOD),$(call nf_add,NFT_CORE,CONFIG_NFT_REDIR, $(P_XT)nft_redir, ge 3.19.0),)) $(eval $(if $(NF_KMOD),$(call nf_add,NFT_CORE,CONFIG_NFT_QUOTA, $(P_XT)nft_quota, ge 4.9.0),)) +$(eval $(if $(NF_KMOD),$(call nf_add,NFT_ARP,CONFIG_NF_TABLES_ARP, $(P_V4)nf_tables_arp),)) + +$(eval $(if $(NF_KMOD),$(call nf_add,NFT_BRIDGE,CONFIG_NF_TABLES_BRIDGE, $(P_EBT)nf_tables_bridge),)) +$(eval $(if $(NF_KMOD),$(call nf_add,NFT_BRIDGE,CONFIG_NFT_BRIDGE_META, $(P_EBT)nft_meta_bridge),)) +$(eval $(if $(NF_KMOD),$(call nf_add,NFT_BRIDGE,CONFIG_NFT_BRIDGE_REJECT, $(P_EBT)nft_reject_bridge),)) + $(eval $(if $(NF_KMOD),$(call nf_add,NFT_NAT,CONFIG_NFT_NAT, $(P_XT)nft_nat),)) $(eval $(if $(NF_KMOD),$(call nf_add,NFT_NAT,CONFIG_NFT_CHAIN_NAT_IPV4, $(P_V4)nft_chain_nat_ipv4),)) $(eval $(if $(NF_KMOD),$(call nf_add,NFT_NAT,CONFIG_NFT_REDIR_IPV4, $(P_V4)nft_redir_ipv4, ge 3.19.0),)) -$(eval $(if $(NF_KMOD),$(call nf_add,NFT_NAT6,CONFIG_NFT_REDIR_IPV6, $(P_V6)nft_redir_ipv6, ge 3.19.0),)) -$(eval $(if $(NF_KMOD),$(call nf_add,NFT_NAT6,CONFIG_NFT_CHAIN_NAT_IPV6, $(P_V6)nft_chain_nat_ipv6),)) $(eval $(if $(NF_KMOD),$(call nf_add,NFT_NAT,CONFIG_NFT_MASQ, $(P_XT)nft_masq),)) $(eval $(if $(NF_KMOD),$(call nf_add,NFT_NAT,CONFIG_NFT_MASQ_IPV4, $(P_V4)nft_masq_ipv4),)) + +$(eval $(if $(NF_KMOD),$(call nf_add,NFT_NAT6,CONFIG_NFT_REDIR_IPV6, $(P_V6)nft_redir_ipv6, ge 3.19.0),)) +$(eval $(if $(NF_KMOD),$(call nf_add,NFT_NAT6,CONFIG_NFT_CHAIN_NAT_IPV6, $(P_V6)nft_chain_nat_ipv6),)) $(eval $(if $(NF_KMOD),$(call nf_add,NFT_NAT6,CONFIG_NFT_MASQ_IPV6, $(P_V6)nft_masq_ipv6),)) + # userland only IPT_BUILTIN += $(NF_IPT-y) $(NF_IPT-m) IPT_BUILTIN += $(IPT_CORE-y) $(IPT_CORE-m) diff --git a/package/kernel/linux/modules/netfilter.mk b/package/kernel/linux/modules/netfilter.mk index 410031b72c..ca3427152f 100644 --- a/package/kernel/linux/modules/netfilter.mk +++ b/package/kernel/linux/modules/netfilter.mk @@ -907,8 +907,6 @@ define KernelPackage/nft-core KCONFIG:= \ CONFIG_NFT_COMPAT=n \ CONFIG_NFT_QUEUE=n \ - CONFIG_NF_TABLES_ARP=n \ - CONFIG_NF_TABLES_BRIDGE=n \ $(KCONFIG_NFT_CORE) endef @@ -919,6 +917,32 @@ endef $(eval $(call KernelPackage,nft-core)) +define KernelPackage/nft-arp + SUBMENU:=$(NF_MENU) + TITLE:=Netfilter nf_tables ARP table support + DEPENDS:=+kmod-nft-core + FILES:=$(foreach mod,$(NFT_ARP-m),$(LINUX_DIR)/net/$(mod).ko) + AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_ARP-m))) + KCONFIG:=$(KCONFIG_NFT_ARP) +endef + +$(eval $(call KernelPackage,nft-arp)) + + +define KernelPackage/nft-bridge + SUBMENU:=$(NF_MENU) + TITLE:=Netfilter nf_tables bridge table support + DEPENDS:=+kmod-nft-core + FILES:=$(foreach mod,$(NFT_BRIDGE-m),$(LINUX_DIR)/net/$(mod).ko) + AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_BRIDGE-m))) + KCONFIG:= \ + CONFIG_NF_LOG_BRIDGE=n \ + $(KCONFIG_NFT_BRIDGE) +endef + +$(eval $(call KernelPackage,nft-bridge)) + + define KernelPackage/nft-nat SUBMENU:=$(NF_MENU) TITLE:=Netfilter nf_tables NAT support