netfilter: add bpf match support
Add xt_bpf modules to {kmod-ipt,iptables-mod}-filter. Match using Linux Socket Filter. Expects a BPF program in decimal format. This is the format generated by the nfbpf_compile utility. Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
This commit is contained in:
parent
094d49cddf
commit
ab07ae2f27
3 changed files with 3 additions and 0 deletions
|
@ -106,6 +106,7 @@ $(eval $(call nf_add,IPT_PHYSDEV,CONFIG_NETFILTER_XT_MATCH_PHYSDEV, $(P_XT)xt_ph
|
||||||
# filter
|
# filter
|
||||||
|
|
||||||
$(eval $(call nf_add,IPT_FILTER,CONFIG_NETFILTER_XT_MATCH_STRING, $(P_XT)xt_string))
|
$(eval $(call nf_add,IPT_FILTER,CONFIG_NETFILTER_XT_MATCH_STRING, $(P_XT)xt_string))
|
||||||
|
$(eval $(call nf_add,IPT_FILTER,CONFIG_NETFILTER_XT_MATCH_BPF, $(P_XT)xt_bpf))
|
||||||
|
|
||||||
|
|
||||||
# ipopt
|
# ipopt
|
||||||
|
|
|
@ -237,6 +237,7 @@ define KernelPackage/ipt-filter/description
|
||||||
Netfilter (IPv4) kernel modules for packet content inspection
|
Netfilter (IPv4) kernel modules for packet content inspection
|
||||||
Includes:
|
Includes:
|
||||||
- string
|
- string
|
||||||
|
- bpf
|
||||||
endef
|
endef
|
||||||
|
|
||||||
$(eval $(call KernelPackage,ipt-filter))
|
$(eval $(call KernelPackage,ipt-filter))
|
||||||
|
|
|
@ -151,6 +151,7 @@ Includes support for:
|
||||||
|
|
||||||
Matches:
|
Matches:
|
||||||
- string
|
- string
|
||||||
|
- bpf
|
||||||
|
|
||||||
endef
|
endef
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue