netfilter: split off header matching modules not used by the default config (reduces rootfs size and memory usage)

Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 40983
This commit is contained in:
Felix Fietkau 2014-06-02 18:13:38 +00:00
parent ae2c9a815a
commit 4b241e9827
3 changed files with 35 additions and 7 deletions

View file

@ -143,17 +143,19 @@ $(eval $(if $(NF_KMOD),$(call nf_add,IPT_IPV6,CONFIG_IP6_NF_RAW, $(P_V6)ip6table
$(eval $(if $(NF_KMOD),,$(call nf_add,IPT_IPV6,CONFIG_IP6_NF_IPTABLES, ip6t_icmp6))) $(eval $(if $(NF_KMOD),,$(call nf_add,IPT_IPV6,CONFIG_IP6_NF_IPTABLES, ip6t_icmp6)))
$(eval $(call nf_add,IPT_IPV6,CONFIG_IP6_NF_MATCH_AH, $(P_V6)ip6t_ah))
$(eval $(call nf_add,IPT_IPV6,CONFIG_IP6_NF_MATCH_EUI64, $(P_V6)ip6t_eui64))
$(eval $(call nf_add,IPT_IPV6,CONFIG_IP6_NF_MATCH_FRAG, $(P_V6)ip6t_frag))
$(eval $(call nf_add,IPT_IPV6,CONFIG_IP6_NF_MATCH_IPV6HEADER, $(P_V6)ip6t_ipv6header))
$(eval $(call nf_add,IPT_IPV6,CONFIG_IP6_NF_MATCH_MH, $(P_V6)ip6t_mh))
$(eval $(call nf_add,IPT_IPV6,CONFIG_IP6_NF_MATCH_OPTS, $(P_V6)ip6t_hbh))
$(eval $(call nf_add,IPT_IPV6,CONFIG_IP6_NF_MATCH_RT, $(P_V6)ip6t_rt))
$(eval $(call nf_add,IPT_IPV6,CONFIG_IP6_NF_TARGET_LOG, $(P_V6)ip6t_LOG)) $(eval $(call nf_add,IPT_IPV6,CONFIG_IP6_NF_TARGET_LOG, $(P_V6)ip6t_LOG))
$(eval $(call nf_add,IPT_IPV6,CONFIG_IP6_NF_TARGET_REJECT, $(P_V6)ip6t_REJECT)) $(eval $(call nf_add,IPT_IPV6,CONFIG_IP6_NF_TARGET_REJECT, $(P_V6)ip6t_REJECT))
# ipv6 extra
$(eval $(call nf_add,IPT_IPV6_EXTRA,CONFIG_IP6_NF_MATCH_IPV6HEADER, $(P_V6)ip6t_ipv6header))
$(eval $(call nf_add,IPT_IPV6_EXTRA,CONFIG_IP6_NF_MATCH_AH, $(P_V6)ip6t_ah))
$(eval $(call nf_add,IPT_IPV6_EXTRA,CONFIG_IP6_NF_MATCH_MH, $(P_V6)ip6t_mh))
$(eval $(call nf_add,IPT_IPV6_EXTRA,CONFIG_IP6_NF_MATCH_EUI64, $(P_V6)ip6t_eui64))
$(eval $(call nf_add,IPT_IPV6_EXTRA,CONFIG_IP6_NF_MATCH_OPTS, $(P_V6)ip6t_hbh))
$(eval $(call nf_add,IPT_IPV6_EXTRA,CONFIG_IP6_NF_MATCH_FRAG, $(P_V6)ip6t_frag))
$(eval $(call nf_add,IPT_IPV6_EXTRA,CONFIG_IP6_NF_MATCH_RT, $(P_V6)ip6t_rt))
# nat # nat
# kernel only # kernel only

View file

@ -420,6 +420,21 @@ endef
$(eval $(call KernelPackage,ip6tables)) $(eval $(call KernelPackage,ip6tables))
define KernelPackage/ip6tables-extra
SUBMENU:=$(NF_MENU)
TITLE:=Extra IPv6 modules
DEPENDS:=+kmod-ip6tables
KCONFIG:=$(KCONFIG_IPT_IPV6_EXTRA)
FILES:=$(foreach mod,$(IPT_IPV6_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
AUTOLOAD:=$(call AutoLoad,43,$(notdir $(IPT_IPV6_EXTRA-m)))
endef
define KernelPackage/ip6tables-extra/description
Netfilter IPv6 extra header matching modules
endef
$(eval $(call KernelPackage,ip6tables-extra))
ARP_MODULES = arp_tables arpt_mangle arptable_filter ARP_MODULES = arp_tables arpt_mangle arptable_filter
define KernelPackage/arptables define KernelPackage/arptables
SUBMENU:=$(NF_MENU) SUBMENU:=$(NF_MENU)

View file

@ -302,6 +302,16 @@ $(call Package/iptables/Default)
endef endef
define Package/ip6tables-extra
$(call Package/iptables/Default)
DEPENDS:=ip6tables +kmod-ip6tables-extra
TITLE:=IPv6 header matching modules
endef
define Package/ip6tables-mod-extra/description
iptables header matching modules for IPv6
endef
define Package/ip6tables-mod-nat define Package/ip6tables-mod-nat
$(call Package/iptables/Default) $(call Package/iptables/Default)
DEPENDS:=ip6tables +kmod-ipt-nat6 DEPENDS:=ip6tables +kmod-ipt-nat6
@ -459,6 +469,7 @@ $(eval $(call BuildPlugin,iptables-mod-tproxy,$(IPT_TPROXY-m)))
$(eval $(call BuildPlugin,iptables-mod-tee,$(IPT_TEE-m))) $(eval $(call BuildPlugin,iptables-mod-tee,$(IPT_TEE-m)))
$(eval $(call BuildPlugin,iptables-mod-u32,$(IPT_U32-m))) $(eval $(call BuildPlugin,iptables-mod-u32,$(IPT_U32-m)))
$(eval $(call BuildPackage,ip6tables)) $(eval $(call BuildPackage,ip6tables))
$(eval $(call BuildPlugin,ip6tables-extra,$(IPT_IPV6_EXTRA-m)))
$(eval $(call BuildPlugin,ip6tables-mod-nat,$(IPT_NAT6-m))) $(eval $(call BuildPlugin,ip6tables-mod-nat,$(IPT_NAT6-m)))
$(eval $(call BuildPackage,libiptc)) $(eval $(call BuildPackage,libiptc))
$(eval $(call BuildPackage,libip4tc)) $(eval $(call BuildPackage,libip4tc))