kernel: netfilter: split out iptable_raw into a separate package
This avoids loading it in the default configuration, which reduces image size a bit and (more importantly) improves performance by avoiding some unnecessary netfilter hooks.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
parent
565988ab47
commit
970dd4dd58
2 changed files with 22 additions and 2 deletions
|
@ -71,7 +71,6 @@ $(eval $(if $(NF_KMOD),$(call nf_add,NF_CONNTRACK,CONFIG_NF_DEFRAG_IPV4, $(P_V4)
|
||||||
$(eval $(if $(NF_KMOD),$(call nf_add,NF_CONNTRACK,CONFIG_NF_CONNTRACK_IPV4, $(P_V4)nf_conntrack_ipv4),))
|
$(eval $(if $(NF_KMOD),$(call nf_add,NF_CONNTRACK,CONFIG_NF_CONNTRACK_IPV4, $(P_V4)nf_conntrack_ipv4),))
|
||||||
|
|
||||||
$(eval $(call nf_add,IPT_CONNTRACK,CONFIG_NETFILTER_XT_MATCH_STATE, $(P_XT)xt_state))
|
$(eval $(call nf_add,IPT_CONNTRACK,CONFIG_NETFILTER_XT_MATCH_STATE, $(P_XT)xt_state))
|
||||||
$(eval $(call nf_add,IPT_CONNTRACK,CONFIG_IP_NF_RAW, $(P_V4)iptable_raw))
|
|
||||||
$(eval $(call nf_add,IPT_CONNTRACK,CONFIG_NETFILTER_XT_TARGET_CT, $(P_XT)xt_CT))
|
$(eval $(call nf_add,IPT_CONNTRACK,CONFIG_NETFILTER_XT_TARGET_CT, $(P_XT)xt_CT))
|
||||||
$(eval $(call nf_add,IPT_CONNTRACK,CONFIG_NETFILTER_XT_MATCH_CONNTRACK, $(P_XT)xt_conntrack))
|
$(eval $(call nf_add,IPT_CONNTRACK,CONFIG_NETFILTER_XT_MATCH_CONNTRACK, $(P_XT)xt_conntrack))
|
||||||
|
|
||||||
|
@ -150,7 +149,6 @@ $(eval $(if $(NF_KMOD),$(call nf_add,NF_CONNTRACK6,CONFIG_NF_CONNTRACK_IPV6, $(P
|
||||||
$(eval $(if $(NF_KMOD),$(call nf_add,IPT_IPV6,CONFIG_IP6_NF_FILTER, $(P_V6)ip6table_filter),))
|
$(eval $(if $(NF_KMOD),$(call nf_add,IPT_IPV6,CONFIG_IP6_NF_FILTER, $(P_V6)ip6table_filter),))
|
||||||
$(eval $(if $(NF_KMOD),$(call nf_add,IPT_IPV6,CONFIG_IP6_NF_MANGLE, $(P_V6)ip6table_mangle),))
|
$(eval $(if $(NF_KMOD),$(call nf_add,IPT_IPV6,CONFIG_IP6_NF_MANGLE, $(P_V6)ip6table_mangle),))
|
||||||
$(eval $(if $(NF_KMOD),$(call nf_add,IPT_IPV6,CONFIG_IP6_NF_QUEUE, $(P_V6)ip6_queue),))
|
$(eval $(if $(NF_KMOD),$(call nf_add,IPT_IPV6,CONFIG_IP6_NF_QUEUE, $(P_V6)ip6_queue),))
|
||||||
$(eval $(if $(NF_KMOD),$(call nf_add,IPT_IPV6,CONFIG_IP6_NF_RAW, $(P_V6)ip6table_raw),))
|
|
||||||
$(eval $(if $(NF_KMOD),$(call nf_add,IPT_IPV6,CONFIG_NF_LOG_IPV6, $(P_V6)nf_log_ipv6),))
|
$(eval $(if $(NF_KMOD),$(call nf_add,IPT_IPV6,CONFIG_NF_LOG_IPV6, $(P_V6)nf_log_ipv6),))
|
||||||
|
|
||||||
$(eval $(if $(NF_KMOD),,$(call nf_add,IPT_IPV6,CONFIG_IP6_NF_IPTABLES, ip6t_icmp6)))
|
$(eval $(if $(NF_KMOD),,$(call nf_add,IPT_IPV6,CONFIG_IP6_NF_IPTABLES, ip6t_icmp6)))
|
||||||
|
|
|
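Review bot: `xt_CT` stays in the `IPT_CONNTRACK` list in the first hunk while `iptable_raw` is removed from it, and the CT target can only be used in the raw table, so kmod-ipt-conntrack on its own now ships a target that no rule can reference. Rule sets that use `-t raw` (NOTRACK-style exemptions or conntrack helper assignment) would presumably fail to load after an upgrade unless kmod-ipt-raw is installed; whether the firewall package pulls it in is not visible here. I would either move `xt_CT` along with the table or add a comment above it such as `# CT is only valid in the raw table; rules using it need kmod-ipt-raw`. The second hunk has the same effect for `ip6table_raw` and kmod-ipt-raw6.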
@ -289,6 +289,28 @@ endef
|
||||||
$(eval $(call KernelPackage,ipt-nat))
|
$(eval $(call KernelPackage,ipt-nat))
|
||||||
|
|
||||||
|
|
||||||
|
define KernelPackage/ipt-raw
|
||||||
|
TITLE:=Netfilter IPv4 raw table support
|
||||||
|
KCONFIG:=CONFIG_IP_NF_RAW
|
||||||
|
FILES:=$(LINUX_DIR)/net/ipv4/netfilter/iptable_raw.ko
|
||||||
|
AUTOLOAD:=$(call AutoProbe,iptable_raw)
|
||||||
|
$(call AddDepends/ipt)
|
||||||
|
endef
|
||||||
|
|
||||||
|
$(eval $(call KernelPackage,ipt-raw))
|
||||||
|
|
||||||
|
|
||||||
|
define KernelPackage/ipt-raw6
|
||||||
|
TITLE:=Netfilter IPv6 raw table support
|
||||||
|
KCONFIG:=CONFIG_IP6_NF_RAW
|
||||||
|
FILES:=$(LINUX_DIR)/net/ipv6/netfilter/ip6table_raw.ko
|
||||||
|
AUTOLOAD:=$(call AutoProbe,ip6table_raw)
|
||||||
|
$(call AddDepends/ipt,+kmod-ip6tables)
|
||||||
|
endef
|
||||||
|
|
||||||
|
$(eval $(call KernelPackage,ipt-raw6))
|
||||||
|
|
||||||
|
|
||||||
define KernelPackage/ipt-nat6
|
define KernelPackage/ipt-nat6
|
||||||
TITLE:=IPv6 NAT targets
|
TITLE:=IPv6 NAT targets
|
||||||
KCONFIG:=$(KCONFIG_IPT_NAT6)
|
KCONFIG:=$(KCONFIG_IPT_NAT6)
|
||||||
|
|
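Review bot: Neither new package carries a description, so nothing in `KernelPackage/ipt-raw` or `KernelPackage/ipt-raw6` tells a user which rules need them now that the raw tables are no longer installed by default. I would add a `define KernelPackage/ipt-raw/description` block (and the raw6 equivalent) with one line such as `Provides the iptables raw table, required by rules that use -t raw (for example NOTRACK or CT)`. The `KernelPackage/ipt-nat6` definition at the end of the hunk continues outside it.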