mirror of git://projects.qi-hardware.com/openwrt-xburst.git synced 2025-01-26 18:21:06 +02:00

[backfire] netfilter: backport r20690, r20693 & r20694

git-svn-id: svn://svn.openwrt.org/openwrt/branches/backfire@20695 3c298f89-4303-0410-b956-a3cf2f4a3e73
nico 2010-04-04 12:47:52 +00:00
parent d4ddb74f18
commit c260242659
2 changed files with 85 additions and 130 deletions


@ -1,5 +1,5 @@
#
# Copyright (C) 2006-2008 OpenWrt.org
# Copyright (C) 2006-2010 OpenWrt.org
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
@ -29,41 +29,6 @@ $(eval $(if $(NF_KMOD),$(call nf_add,IPT_CORE,CONFIG_IP_NF_IPTABLES, $(P_V4)ip_t
$(eval $(if $(NF_KMOD),$(call nf_add,IPT_CORE,CONFIG_IP_NF_FILTER, $(P_V4)iptable_filter),))
$(eval $(if $(NF_KMOD),$(call nf_add,IPT_CORE,CONFIG_IP_NF_MANGLE, $(P_V4)iptable_mangle),))
#
# ebtables
#
$(eval $(if $(NF_KMOD),$(call nf_add,EBTABLES,CONFIG_BRIDGE_NF_EBTABLES, $(P_EBT)ebtables),))
# ebtables: tables
$(eval $(call nf_add,EBTABLES,CONFIG_BRIDGE_EBT_BROUTE, $(P_EBT)ebtable_broute))
$(eval $(call nf_add,EBTABLES,CONFIG_BRIDGE_EBT_T_FILTER, $(P_EBT)ebtable_filter))
$(eval $(call nf_add,EBTABLES,CONFIG_BRIDGE_EBT_T_NAT, $(P_EBT)ebtable_nat))
# ebtables: matches
$(eval $(call nf_add,EBTABLES,CONFIG_BRIDGE_EBT_802_3, $(P_EBT)ebt_802_3))
$(eval $(call nf_add,EBTABLES,CONFIG_BRIDGE_EBT_AMONG, $(P_EBT)ebt_among))
$(eval $(call nf_add,EBTABLES_IP4,CONFIG_BRIDGE_EBT_ARP, $(P_EBT)ebt_arp))
$(eval $(call nf_add,EBTABLES_IP4,CONFIG_BRIDGE_EBT_IP, $(P_EBT)ebt_ip))
$(eval $(call nf_add,EBTABLES_IP6,CONFIG_BRIDGE_EBT_IP6, $(P_EBT)ebt_ip6))
$(eval $(call nf_add,EBTABLES,CONFIG_BRIDGE_EBT_LIMIT, $(P_EBT)ebt_limit))
$(eval $(call nf_add,EBTABLES,CONFIG_BRIDGE_EBT_MARK, $(P_EBT)ebt_mark_m))
$(eval $(call nf_add,EBTABLES,CONFIG_BRIDGE_EBT_PKTTYPE, $(P_EBT)ebt_pkttype))
$(eval $(call nf_add,EBTABLES,CONFIG_BRIDGE_EBT_STP, $(P_EBT)ebt_stp))
$(eval $(call nf_add,EBTABLES,CONFIG_BRIDGE_EBT_VLAN, $(P_EBT)ebt_vlan))
# targets
$(eval $(call nf_add,EBTABLES_IP4,CONFIG_BRIDGE_EBT_ARPREPLY, $(P_EBT)ebt_arpreply))
$(eval $(call nf_add,EBTABLES,CONFIG_BRIDGE_EBT_MARK_T, $(P_EBT)ebt_mark))
$(eval $(call nf_add,EBTABLES_IP4,CONFIG_BRIDGE_EBT_DNAT, $(P_EBT)ebt_dnat))
$(eval $(call nf_add,EBTABLES,CONFIG_BRIDGE_EBT_REDIRECT, $(P_EBT)ebt_redirect))
$(eval $(call nf_add,EBTABLES_IP4,CONFIG_BRIDGE_EBT_SNAT, $(P_EBT)ebt_snat))
# watchers
$(eval $(call nf_add,EBTABLES_WATCHERS,CONFIG_BRIDGE_EBT_LOG, $(P_EBT)ebt_log))
$(eval $(call nf_add,EBTABLES_WATCHERS,CONFIG_BRIDGE_EBT_ULOG, $(P_EBT)ebt_ulog))
$(eval $(call nf_add,EBTABLES_WATCHERS,CONFIG_BRIDGE_EBT_NFLOG, $(P_EBT)ebt_nflog))
# userland only
$(eval $(if $(NF_KMOD),,$(call nf_add,IPT_CORE,CONFIG_IP_NF_IPTABLES, xt_standard ipt_icmp xt_tcp xt_udp xt_comment)))
@ -120,10 +85,11 @@ $(eval $(call nf_add,IPT_CONNTRACK_EXTRA,CONFIG_NETFILTER_XT_TARGET_CONNMARK, $(
$(eval $(call nf_add,IPT_EXTRA,CONFIG_IP_NF_MATCH_CONDITION, $(P_V4)ipt_condition))
$(eval $(call nf_add,IPT_EXTRA,CONFIG_IP_NF_MATCH_OWNER, $(P_V4)ipt_owner))
$(eval $(call nf_add,IPT_EXTRA,CONFIG_NETFILTER_XT_MATCH_OWNER, $(P_XT)xt_owner))
$(eval $(call nf_add,IPT_EXTRA,CONFIG_NETFILTER_XT_MATCH_PHYSDEV, $(P_XT)xt_physdev))
$(eval $(call nf_add,IPT_EXTRA,CONFIG_IP_NF_MATCH_PKTTYPE, $(P_V4)ipt_pkttype))
$(eval $(call nf_add,IPT_EXTRA,CONFIG_NETFILTER_XT_MATCH_PKTTYPE, $(P_XT)xt_pkttype))
#$(eval $(call nf_add,IPT_EXTRA,CONFIG_IP_NF_MATCH_QUOTA, $(P_V4)ipt_quota))
$(eval $(call nf_add,IPT_EXTRA,CONFIG_IP_NF_MATCH_QUOTA, $(P_V4)ipt_quota))
$(eval $(call nf_add,IPT_EXTRA,CONFIG_NETFILTER_XT_MATCH_QUOTA, $(P_XT)xt_quota))
#$(eval $(call nf_add,IPT_EXTRA,CONFIG_IP_NF_TARGET_ROUTE, $(P_V4)ipt_ROUTE))
@ -257,6 +223,7 @@ $(eval $(call nf_add,IPT_NATHELPER,CONFIG_IP_NF_NAT_IRC, $(P_V4)ip_nat_irc))
$(eval $(call nf_add,IPT_NATHELPER,CONFIG_NF_CONNTRACK_IRC, $(P_XT)nf_conntrack_irc))
$(eval $(call nf_add,IPT_NATHELPER,CONFIG_NF_NAT_IRC, $(P_V4)nf_nat_irc))
$(eval $(call nf_add,IPT_NATHELPER,CONFIG_IP_NF_TFTP, $(P_V4)ip_conntrack_tftp))
$(eval $(call nf_add,IPT_NATHELPER,CONFIG_IP_NF_NAT_TFTP, $(P_V4)ip_nat_tftp))
$(eval $(call nf_add,IPT_NATHELPER,CONFIG_NF_CONNTRACK_TFTP, $(P_XT)nf_conntrack_tftp))
$(eval $(call nf_add,IPT_NATHELPER,CONFIG_NF_NAT_TFTP, $(P_V4)nf_nat_tftp))
@ -264,6 +231,7 @@ $(eval $(call nf_add,IPT_NATHELPER,CONFIG_NF_NAT_TFTP, $(P_V4)nf_nat_tftp))
# nathelper-extra
$(eval $(call nf_add,IPT_NATHELPER_EXTRA,CONFIG_IP_NF_AMANDA, $(P_V4)ip_conntrack_amanda))
$(eval $(call nf_add,IPT_NATHELPER_EXTRA,CONFIG_IP_NF_NAT_AMANDA, $(P_V4)ip_nat_amanda))
$(eval $(call nf_add,IPT_NATHELPER_EXTRA,CONFIG_NF_CONNTRACK_AMANDA, $(P_XT)nf_conntrack_amanda))
$(eval $(call nf_add,IPT_NATHELPER_EXTRA,CONFIG_NF_NAT_AMANDA, $(P_V4)nf_nat_amanda))
$(eval $(call nf_add,IPT_NATHELPER_EXTRA,CONFIG_IP_NF_CT_PROTO_GRE, $(P_V4)ip_conntrack_proto_gre))
@ -302,6 +270,42 @@ $(eval $(call nf_add,IPT_QUEUE,CONFIG_IP_NF_QUEUE, $(P_V4)ip_queue))
$(eval $(call nf_add,IPT_ULOG,CONFIG_IP_NF_TARGET_ULOG, $(P_V4)ipt_ULOG))
#
# ebtables
#
$(eval $(if $(NF_KMOD),$(call nf_add,EBTABLES,CONFIG_BRIDGE_NF_EBTABLES, $(P_EBT)ebtables),))
# ebtables: tables
$(eval $(call nf_add,EBTABLES,CONFIG_BRIDGE_EBT_BROUTE, $(P_EBT)ebtable_broute))
$(eval $(call nf_add,EBTABLES,CONFIG_BRIDGE_EBT_T_FILTER, $(P_EBT)ebtable_filter))
$(eval $(call nf_add,EBTABLES,CONFIG_BRIDGE_EBT_T_NAT, $(P_EBT)ebtable_nat))
# ebtables: matches
$(eval $(call nf_add,EBTABLES,CONFIG_BRIDGE_EBT_802_3, $(P_EBT)ebt_802_3))
$(eval $(call nf_add,EBTABLES,CONFIG_BRIDGE_EBT_AMONG, $(P_EBT)ebt_among))
$(eval $(call nf_add,EBTABLES_IP4,CONFIG_BRIDGE_EBT_ARP, $(P_EBT)ebt_arp))
$(eval $(call nf_add,EBTABLES_IP4,CONFIG_BRIDGE_EBT_IP, $(P_EBT)ebt_ip))
$(eval $(call nf_add,EBTABLES_IP6,CONFIG_BRIDGE_EBT_IP6, $(P_EBT)ebt_ip6))
$(eval $(call nf_add,EBTABLES,CONFIG_BRIDGE_EBT_LIMIT, $(P_EBT)ebt_limit))
$(eval $(call nf_add,EBTABLES,CONFIG_BRIDGE_EBT_MARK, $(P_EBT)ebt_mark_m))
$(eval $(call nf_add,EBTABLES,CONFIG_BRIDGE_EBT_PKTTYPE, $(P_EBT)ebt_pkttype))
$(eval $(call nf_add,EBTABLES,CONFIG_BRIDGE_EBT_STP, $(P_EBT)ebt_stp))
$(eval $(call nf_add,EBTABLES,CONFIG_BRIDGE_EBT_VLAN, $(P_EBT)ebt_vlan))
# targets
$(eval $(call nf_add,EBTABLES_IP4,CONFIG_BRIDGE_EBT_ARPREPLY, $(P_EBT)ebt_arpreply))
$(eval $(call nf_add,EBTABLES,CONFIG_BRIDGE_EBT_MARK_T, $(P_EBT)ebt_mark))
$(eval $(call nf_add,EBTABLES_IP4,CONFIG_BRIDGE_EBT_DNAT, $(P_EBT)ebt_dnat))
$(eval $(call nf_add,EBTABLES,CONFIG_BRIDGE_EBT_REDIRECT, $(P_EBT)ebt_redirect))
$(eval $(call nf_add,EBTABLES_IP4,CONFIG_BRIDGE_EBT_SNAT, $(P_EBT)ebt_snat))
# watchers
$(eval $(call nf_add,EBTABLES_WATCHERS,CONFIG_BRIDGE_EBT_LOG, $(P_EBT)ebt_log))
$(eval $(call nf_add,EBTABLES_WATCHERS,CONFIG_BRIDGE_EBT_ULOG, $(P_EBT)ebt_ulog))
$(eval $(call nf_add,EBTABLES_WATCHERS,CONFIG_BRIDGE_EBT_NFLOG, $(P_EBT)ebt_nflog))
# userland only
IPT_BUILTIN += $(IPT_CORE-y) $(IPT_CORE-m)
IPT_BUILTIN += $(IPT_CONNTRACK-y)
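Review bot: In the `-120,10 +85,11` hunk, the `xt_physdev` entry (which appears to be the added line) sits in IPT_EXTRA with no hint that it is conditional, while the ipt-extra package description changed in the same commit says `physdev (if bridge support was enabled in kernel)`. Anyone auditing which matches an image ships, or maintaining a rule set that depends on the physdev match, only learns of that condition from the other file. I would add a comment directly above the entry, for example `# xt_physdev is only available when the kernel has bridge support enabled`. The same hunk also seems to turn the `ipt_quota` line from commented-out to active while `ipt_ROUTE` stays commented out; a one-line reason next to the remaining commented entry would keep the two from looking inconsistent.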


@ -21,18 +21,13 @@ endef
define KernelPackage/ipt-core/description
Netfilter core kernel modules
Includes:
- ipt_limit
- xt_limit
- ipt_mac
- xt_mac
- ipt_multiport
- xt_multiport
- ipt_comment
- xt_comment
- ipt_LOG
- ipt_TCPMSS
- xt_TCPMSS
- ipt_REJECT
- comment (2.6)
- limit
- LOG
- mac
- multiport
- REJECT
- TCPMSS
endef
$(eval $(call KernelPackage,ipt-core))
@ -56,11 +51,10 @@ define KernelPackage/ipt-conntrack/description
Netfilter (IPv4) kernel modules for connection tracking
Includes:
- conntrack
- defrag
- defrag (2.6)
- iptables_raw
- NOTRACK
- state
- xt_NOTRACK
endef
$(eval $(call KernelPackage,ipt-conntrack))
@ -98,10 +92,8 @@ endef
define KernelPackage/ipt-filter/description
Netfilter (IPv4) kernel modules for packet content inspection
Includes:
- ipt_layer7
- ipt_string
- xt_layer7
- xt_string
- layer7
- string
endef
$(eval $(call KernelPackage,ipt-filter))
@ -118,30 +110,18 @@ endef
define KernelPackage/ipt-ipopt/description
Netfilter (IPv4) modules for matching/changing IP packet options
Includes:
- ipt_dscp
- xt_dscp
- xt_DSCP
- ipt_ecn
- ipt_length
- xt_length
- ipt_mark
- xt_mark
- xt_statistic
- ipt_tcpmss
- xt_tcpmss
- ipt_time
- xt_time
- ipt_unclean
- ipt_CLASSIFY
- xt_CLASSIFY
- ipt_DSCP
- ipt_ECN
- ipt_MARK
- xt_MARK
- xt_tos
- xt_TOS
- xt_hl
- xt_HL
- CLASSIFY
- dscp/DSCP
- ecn/ECN
- hl/HL (2.6.30 and later)
- length
- mark/MARK
- statistic (2.6)
- tcpmss
- time
- tos/TOS (prior to 2.6.25)
- ttl/TTL (prior to 2.6.30)
- unclean
endef
$(eval $(call KernelPackage,ipt-ipopt))
@ -158,10 +138,9 @@ endef
define KernelPackage/ipt-ipsec/description
Netfilter (IPv4) modules for matching IPSec packets
Includes:
- ipt_ah
- ipt_esp
- xt_esp
- xt_policy
- ah
- esp
- policy (2.6)
endef
$(eval $(call KernelPackage,ipt-ipsec))
@ -195,7 +174,7 @@ endef
define KernelPackage/ipt-nat-extra/description
Netfilter (IPv4) kernel modules for extra NAT targets
Includes:
- MIRROR
- MIRROR (2.4)
- NETMAP
- REDIRECT
endef
@ -214,17 +193,9 @@ endef
define KernelPackage/ipt-nathelper/description
Default Netfilter (IPv4) Conntrack and NAT helpers
Includes:
- ip_conntrack_ftp
- ip_nat_ftp
- nf_conntrack_ftp
- nf_nat_ftp
- ip_conntrack_irc
- ip_nat_irc
- nf_conntrack_irc
- nf_nat_irc
- ip_conntrack_tftp
- nf_conntrack_tftp
- nf_nat_tftp
- ftp
- irc
- tftp
endef
$(eval $(call KernelPackage,ipt-nathelper))
@ -241,33 +212,14 @@ endef
define KernelPackage/ipt-nathelper-extra/description
Extra Netfilter (IPv4) Conntrack and NAT helpers
Includes:
- ip_conntrack_amanda
- nf_conntrack_amanda
- nf_nat_amanda
- ip_conntrack_proto_gre
- ip_nat_proto_gre
- nf_conntrack_proto_gre
- nf_nat_proto_gre
- ip_conntrack_h323
- ip_nat_h323
- nf_conntrack_h323
- nf_nat_h323
- ip_conntrack_mms
- ip_nat_mms
- ip_conntrack_pptp
- ip_nat_pptp
- nf_conntrack_pptp
- nf_nat_pptp
- ip_conntrack_rtsp
- ip_nat_rtsp
- nf_conntrack_rtsp
- nf_nat_rtsp
- ip_conntrack_sip
- ip_nat_sip
- nf_conntrack_sip
- nf_nat_sip
- ip_nat_snmp_basic
- nf_nat_snmp_basic
- amanda
- h323
- mms
- pptp (2.6)
- proto_gre (2.6)
- rtsp
- sip (2.6)
- snmp_basic
endef
$(eval $(call KernelPackage,ipt-nathelper-extra))
@ -325,7 +277,7 @@ endef
define KernelPackage/ipt-ulog/description
Netfilter (IPv4) module for user-space packet logging
Includes:
- ipt_ULOG
- ULOG
endef
$(eval $(call KernelPackage,ipt-ulog))
@ -342,7 +294,7 @@ endef
define KernelPackage/ipt-iprange/description
Netfilter (IPv4) module for matching ip ranges
Includes:
- ipt_IPRANGE
- iprange
endef
$(eval $(call KernelPackage,ipt-iprange))
@ -359,12 +311,11 @@ endef
define KernelPackage/ipt-extra/description
Other Netfilter (IPv4) kernel modules
Includes:
- ipt_condition
- ipt_owner
- xt_physdev
- ipt_pkttype
- xt_pkttype
- xt_quota
- condition (2.4 only)
- owner
- physdev (if bridge support was enabled in kernel)
- pkttype
- quota
endef
$(eval $(call KernelPackage,ipt-extra))