mirror of git://projects.qi-hardware.com/openwrt-xburst.git synced 2024-11-24 03:58:35 +02:00

[backfire] netfilter: backport r20690, r20693 & r20694

git-svn-id: svn://svn.openwrt.org/openwrt/branches/backfire@20695 3c298f89-4303-0410-b956-a3cf2f4a3e73
nico 2010-04-04 12:47:52 +00:00
parent d4ddb74f18
commit c260242659
2 changed files with 85 additions and 130 deletions


@ -1,5 +1,5 @@
# #
# Copyright (C) 2006-2008 OpenWrt.org # Copyright (C) 2006-2010 OpenWrt.org
# #
# This is free software, licensed under the GNU General Public License v2. # This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information. # See /LICENSE for more information.
@ -29,41 +29,6 @@ $(eval $(if $(NF_KMOD),$(call nf_add,IPT_CORE,CONFIG_IP_NF_IPTABLES, $(P_V4)ip_t
$(eval $(if $(NF_KMOD),$(call nf_add,IPT_CORE,CONFIG_IP_NF_FILTER, $(P_V4)iptable_filter),)) $(eval $(if $(NF_KMOD),$(call nf_add,IPT_CORE,CONFIG_IP_NF_FILTER, $(P_V4)iptable_filter),))
$(eval $(if $(NF_KMOD),$(call nf_add,IPT_CORE,CONFIG_IP_NF_MANGLE, $(P_V4)iptable_mangle),)) $(eval $(if $(NF_KMOD),$(call nf_add,IPT_CORE,CONFIG_IP_NF_MANGLE, $(P_V4)iptable_mangle),))
#
# ebtables
#
$(eval $(if $(NF_KMOD),$(call nf_add,EBTABLES,CONFIG_BRIDGE_NF_EBTABLES, $(P_EBT)ebtables),))
# ebtables: tables
$(eval $(call nf_add,EBTABLES,CONFIG_BRIDGE_EBT_BROUTE, $(P_EBT)ebtable_broute))
$(eval $(call nf_add,EBTABLES,CONFIG_BRIDGE_EBT_T_FILTER, $(P_EBT)ebtable_filter))
$(eval $(call nf_add,EBTABLES,CONFIG_BRIDGE_EBT_T_NAT, $(P_EBT)ebtable_nat))
# ebtables: matches
$(eval $(call nf_add,EBTABLES,CONFIG_BRIDGE_EBT_802_3, $(P_EBT)ebt_802_3))
$(eval $(call nf_add,EBTABLES,CONFIG_BRIDGE_EBT_AMONG, $(P_EBT)ebt_among))
$(eval $(call nf_add,EBTABLES_IP4,CONFIG_BRIDGE_EBT_ARP, $(P_EBT)ebt_arp))
$(eval $(call nf_add,EBTABLES_IP4,CONFIG_BRIDGE_EBT_IP, $(P_EBT)ebt_ip))
$(eval $(call nf_add,EBTABLES_IP6,CONFIG_BRIDGE_EBT_IP6, $(P_EBT)ebt_ip6))
$(eval $(call nf_add,EBTABLES,CONFIG_BRIDGE_EBT_LIMIT, $(P_EBT)ebt_limit))
$(eval $(call nf_add,EBTABLES,CONFIG_BRIDGE_EBT_MARK, $(P_EBT)ebt_mark_m))
$(eval $(call nf_add,EBTABLES,CONFIG_BRIDGE_EBT_PKTTYPE, $(P_EBT)ebt_pkttype))
$(eval $(call nf_add,EBTABLES,CONFIG_BRIDGE_EBT_STP, $(P_EBT)ebt_stp))
$(eval $(call nf_add,EBTABLES,CONFIG_BRIDGE_EBT_VLAN, $(P_EBT)ebt_vlan))
# targets
$(eval $(call nf_add,EBTABLES_IP4,CONFIG_BRIDGE_EBT_ARPREPLY, $(P_EBT)ebt_arpreply))
$(eval $(call nf_add,EBTABLES,CONFIG_BRIDGE_EBT_MARK_T, $(P_EBT)ebt_mark))
$(eval $(call nf_add,EBTABLES_IP4,CONFIG_BRIDGE_EBT_DNAT, $(P_EBT)ebt_dnat))
$(eval $(call nf_add,EBTABLES,CONFIG_BRIDGE_EBT_REDIRECT, $(P_EBT)ebt_redirect))
$(eval $(call nf_add,EBTABLES_IP4,CONFIG_BRIDGE_EBT_SNAT, $(P_EBT)ebt_snat))
# watchers
$(eval $(call nf_add,EBTABLES_WATCHERS,CONFIG_BRIDGE_EBT_LOG, $(P_EBT)ebt_log))
$(eval $(call nf_add,EBTABLES_WATCHERS,CONFIG_BRIDGE_EBT_ULOG, $(P_EBT)ebt_ulog))
$(eval $(call nf_add,EBTABLES_WATCHERS,CONFIG_BRIDGE_EBT_NFLOG, $(P_EBT)ebt_nflog))
# userland only # userland only
$(eval $(if $(NF_KMOD),,$(call nf_add,IPT_CORE,CONFIG_IP_NF_IPTABLES, xt_standard ipt_icmp xt_tcp xt_udp xt_comment))) $(eval $(if $(NF_KMOD),,$(call nf_add,IPT_CORE,CONFIG_IP_NF_IPTABLES, xt_standard ipt_icmp xt_tcp xt_udp xt_comment)))
@ -120,10 +85,11 @@ $(eval $(call nf_add,IPT_CONNTRACK_EXTRA,CONFIG_NETFILTER_XT_TARGET_CONNMARK, $(
$(eval $(call nf_add,IPT_EXTRA,CONFIG_IP_NF_MATCH_CONDITION, $(P_V4)ipt_condition)) $(eval $(call nf_add,IPT_EXTRA,CONFIG_IP_NF_MATCH_CONDITION, $(P_V4)ipt_condition))
$(eval $(call nf_add,IPT_EXTRA,CONFIG_IP_NF_MATCH_OWNER, $(P_V4)ipt_owner)) $(eval $(call nf_add,IPT_EXTRA,CONFIG_IP_NF_MATCH_OWNER, $(P_V4)ipt_owner))
$(eval $(call nf_add,IPT_EXTRA,CONFIG_NETFILTER_XT_MATCH_OWNER, $(P_XT)xt_owner))
$(eval $(call nf_add,IPT_EXTRA,CONFIG_NETFILTER_XT_MATCH_PHYSDEV, $(P_XT)xt_physdev)) $(eval $(call nf_add,IPT_EXTRA,CONFIG_NETFILTER_XT_MATCH_PHYSDEV, $(P_XT)xt_physdev))
$(eval $(call nf_add,IPT_EXTRA,CONFIG_IP_NF_MATCH_PKTTYPE, $(P_V4)ipt_pkttype)) $(eval $(call nf_add,IPT_EXTRA,CONFIG_IP_NF_MATCH_PKTTYPE, $(P_V4)ipt_pkttype))
$(eval $(call nf_add,IPT_EXTRA,CONFIG_NETFILTER_XT_MATCH_PKTTYPE, $(P_XT)xt_pkttype)) $(eval $(call nf_add,IPT_EXTRA,CONFIG_NETFILTER_XT_MATCH_PKTTYPE, $(P_XT)xt_pkttype))
#$(eval $(call nf_add,IPT_EXTRA,CONFIG_IP_NF_MATCH_QUOTA, $(P_V4)ipt_quota)) $(eval $(call nf_add,IPT_EXTRA,CONFIG_IP_NF_MATCH_QUOTA, $(P_V4)ipt_quota))
$(eval $(call nf_add,IPT_EXTRA,CONFIG_NETFILTER_XT_MATCH_QUOTA, $(P_XT)xt_quota)) $(eval $(call nf_add,IPT_EXTRA,CONFIG_NETFILTER_XT_MATCH_QUOTA, $(P_XT)xt_quota))
#$(eval $(call nf_add,IPT_EXTRA,CONFIG_IP_NF_TARGET_ROUTE, $(P_V4)ipt_ROUTE)) #$(eval $(call nf_add,IPT_EXTRA,CONFIG_IP_NF_TARGET_ROUTE, $(P_V4)ipt_ROUTE))
@ -257,6 +223,7 @@ $(eval $(call nf_add,IPT_NATHELPER,CONFIG_IP_NF_NAT_IRC, $(P_V4)ip_nat_irc))
$(eval $(call nf_add,IPT_NATHELPER,CONFIG_NF_CONNTRACK_IRC, $(P_XT)nf_conntrack_irc)) $(eval $(call nf_add,IPT_NATHELPER,CONFIG_NF_CONNTRACK_IRC, $(P_XT)nf_conntrack_irc))
$(eval $(call nf_add,IPT_NATHELPER,CONFIG_NF_NAT_IRC, $(P_V4)nf_nat_irc)) $(eval $(call nf_add,IPT_NATHELPER,CONFIG_NF_NAT_IRC, $(P_V4)nf_nat_irc))
$(eval $(call nf_add,IPT_NATHELPER,CONFIG_IP_NF_TFTP, $(P_V4)ip_conntrack_tftp)) $(eval $(call nf_add,IPT_NATHELPER,CONFIG_IP_NF_TFTP, $(P_V4)ip_conntrack_tftp))
$(eval $(call nf_add,IPT_NATHELPER,CONFIG_IP_NF_NAT_TFTP, $(P_V4)ip_nat_tftp))
$(eval $(call nf_add,IPT_NATHELPER,CONFIG_NF_CONNTRACK_TFTP, $(P_XT)nf_conntrack_tftp)) $(eval $(call nf_add,IPT_NATHELPER,CONFIG_NF_CONNTRACK_TFTP, $(P_XT)nf_conntrack_tftp))
$(eval $(call nf_add,IPT_NATHELPER,CONFIG_NF_NAT_TFTP, $(P_V4)nf_nat_tftp)) $(eval $(call nf_add,IPT_NATHELPER,CONFIG_NF_NAT_TFTP, $(P_V4)nf_nat_tftp))
@ -264,6 +231,7 @@ $(eval $(call nf_add,IPT_NATHELPER,CONFIG_NF_NAT_TFTP, $(P_V4)nf_nat_tftp))
# nathelper-extra # nathelper-extra
$(eval $(call nf_add,IPT_NATHELPER_EXTRA,CONFIG_IP_NF_AMANDA, $(P_V4)ip_conntrack_amanda)) $(eval $(call nf_add,IPT_NATHELPER_EXTRA,CONFIG_IP_NF_AMANDA, $(P_V4)ip_conntrack_amanda))
$(eval $(call nf_add,IPT_NATHELPER_EXTRA,CONFIG_IP_NF_NAT_AMANDA, $(P_V4)ip_nat_amanda))
$(eval $(call nf_add,IPT_NATHELPER_EXTRA,CONFIG_NF_CONNTRACK_AMANDA, $(P_XT)nf_conntrack_amanda)) $(eval $(call nf_add,IPT_NATHELPER_EXTRA,CONFIG_NF_CONNTRACK_AMANDA, $(P_XT)nf_conntrack_amanda))
$(eval $(call nf_add,IPT_NATHELPER_EXTRA,CONFIG_NF_NAT_AMANDA, $(P_V4)nf_nat_amanda)) $(eval $(call nf_add,IPT_NATHELPER_EXTRA,CONFIG_NF_NAT_AMANDA, $(P_V4)nf_nat_amanda))
$(eval $(call nf_add,IPT_NATHELPER_EXTRA,CONFIG_IP_NF_CT_PROTO_GRE, $(P_V4)ip_conntrack_proto_gre)) $(eval $(call nf_add,IPT_NATHELPER_EXTRA,CONFIG_IP_NF_CT_PROTO_GRE, $(P_V4)ip_conntrack_proto_gre))
@ -302,6 +270,42 @@ $(eval $(call nf_add,IPT_QUEUE,CONFIG_IP_NF_QUEUE, $(P_V4)ip_queue))
$(eval $(call nf_add,IPT_ULOG,CONFIG_IP_NF_TARGET_ULOG, $(P_V4)ipt_ULOG)) $(eval $(call nf_add,IPT_ULOG,CONFIG_IP_NF_TARGET_ULOG, $(P_V4)ipt_ULOG))
#
# ebtables
#
$(eval $(if $(NF_KMOD),$(call nf_add,EBTABLES,CONFIG_BRIDGE_NF_EBTABLES, $(P_EBT)ebtables),))
# ebtables: tables
$(eval $(call nf_add,EBTABLES,CONFIG_BRIDGE_EBT_BROUTE, $(P_EBT)ebtable_broute))
$(eval $(call nf_add,EBTABLES,CONFIG_BRIDGE_EBT_T_FILTER, $(P_EBT)ebtable_filter))
$(eval $(call nf_add,EBTABLES,CONFIG_BRIDGE_EBT_T_NAT, $(P_EBT)ebtable_nat))
# ebtables: matches
$(eval $(call nf_add,EBTABLES,CONFIG_BRIDGE_EBT_802_3, $(P_EBT)ebt_802_3))
$(eval $(call nf_add,EBTABLES,CONFIG_BRIDGE_EBT_AMONG, $(P_EBT)ebt_among))
$(eval $(call nf_add,EBTABLES_IP4,CONFIG_BRIDGE_EBT_ARP, $(P_EBT)ebt_arp))
$(eval $(call nf_add,EBTABLES_IP4,CONFIG_BRIDGE_EBT_IP, $(P_EBT)ebt_ip))
$(eval $(call nf_add,EBTABLES_IP6,CONFIG_BRIDGE_EBT_IP6, $(P_EBT)ebt_ip6))
$(eval $(call nf_add,EBTABLES,CONFIG_BRIDGE_EBT_LIMIT, $(P_EBT)ebt_limit))
$(eval $(call nf_add,EBTABLES,CONFIG_BRIDGE_EBT_MARK, $(P_EBT)ebt_mark_m))
$(eval $(call nf_add,EBTABLES,CONFIG_BRIDGE_EBT_PKTTYPE, $(P_EBT)ebt_pkttype))
$(eval $(call nf_add,EBTABLES,CONFIG_BRIDGE_EBT_STP, $(P_EBT)ebt_stp))
$(eval $(call nf_add,EBTABLES,CONFIG_BRIDGE_EBT_VLAN, $(P_EBT)ebt_vlan))
# targets
$(eval $(call nf_add,EBTABLES_IP4,CONFIG_BRIDGE_EBT_ARPREPLY, $(P_EBT)ebt_arpreply))
$(eval $(call nf_add,EBTABLES,CONFIG_BRIDGE_EBT_MARK_T, $(P_EBT)ebt_mark))
$(eval $(call nf_add,EBTABLES_IP4,CONFIG_BRIDGE_EBT_DNAT, $(P_EBT)ebt_dnat))
$(eval $(call nf_add,EBTABLES,CONFIG_BRIDGE_EBT_REDIRECT, $(P_EBT)ebt_redirect))
$(eval $(call nf_add,EBTABLES_IP4,CONFIG_BRIDGE_EBT_SNAT, $(P_EBT)ebt_snat))
# watchers
$(eval $(call nf_add,EBTABLES_WATCHERS,CONFIG_BRIDGE_EBT_LOG, $(P_EBT)ebt_log))
$(eval $(call nf_add,EBTABLES_WATCHERS,CONFIG_BRIDGE_EBT_ULOG, $(P_EBT)ebt_ulog))
$(eval $(call nf_add,EBTABLES_WATCHERS,CONFIG_BRIDGE_EBT_NFLOG, $(P_EBT)ebt_nflog))
# userland only # userland only
IPT_BUILTIN += $(IPT_CORE-y) $(IPT_CORE-m) IPT_BUILTIN += $(IPT_CORE-y) $(IPT_CORE-m)
IPT_BUILTIN += $(IPT_CONNTRACK-y) IPT_BUILTIN += $(IPT_CONNTRACK-y)
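Review bot: The hunk at -120 appears to turn the `CONFIG_IP_NF_MATCH_QUOTA` / `ipt_quota` entry from a commented-out line into an active one, and nothing in the file or the commit message says why it was disabled or why it can be enabled now, while the `ipt_ROUTE` line next to it stays commented out. A one-line comment above it, for example `# ipt_quota: re-enabled by backport of r<revision>, <reason>`, would let a later reader tell a deliberate change from an accident of the merge. The same commit also adds `ip_nat_tftp` and `ip_nat_amanda` to the IPT_NATHELPER and IPT_NATHELPER_EXTRA lists and moves the whole ebtables block, so the functional additions are easy to miss beside the move. Because NAT helpers parse packet payloads coming from the network, it is worth confirming that every image selecting these lists is meant to ship the extra modules. The old/new side of each line here is inferred from the two-column rendering, which has lost its `+`/`-` markers.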


@ -21,18 +21,13 @@ endef
define KernelPackage/ipt-core/description define KernelPackage/ipt-core/description
Netfilter core kernel modules Netfilter core kernel modules
Includes: Includes:
- ipt_limit - comment (2.6)
- xt_limit - limit
- ipt_mac - LOG
- xt_mac - mac
- ipt_multiport - multiport
- xt_multiport - REJECT
- ipt_comment - TCPMSS
- xt_comment
- ipt_LOG
- ipt_TCPMSS
- xt_TCPMSS
- ipt_REJECT
endef endef
$(eval $(call KernelPackage,ipt-core)) $(eval $(call KernelPackage,ipt-core))
@ -56,11 +51,10 @@ define KernelPackage/ipt-conntrack/description
Netfilter (IPv4) kernel modules for connection tracking Netfilter (IPv4) kernel modules for connection tracking
Includes: Includes:
- conntrack - conntrack
- defrag - defrag (2.6)
- iptables_raw - iptables_raw
- NOTRACK - NOTRACK
- state - state
- xt_NOTRACK
endef endef
$(eval $(call KernelPackage,ipt-conntrack)) $(eval $(call KernelPackage,ipt-conntrack))
@ -98,10 +92,8 @@ endef
define KernelPackage/ipt-filter/description define KernelPackage/ipt-filter/description
Netfilter (IPv4) kernel modules for packet content inspection Netfilter (IPv4) kernel modules for packet content inspection
Includes: Includes:
- ipt_layer7 - layer7
- ipt_string - string
- xt_layer7
- xt_string
endef endef
$(eval $(call KernelPackage,ipt-filter)) $(eval $(call KernelPackage,ipt-filter))
@ -118,30 +110,18 @@ endef
define KernelPackage/ipt-ipopt/description define KernelPackage/ipt-ipopt/description
Netfilter (IPv4) modules for matching/changing IP packet options Netfilter (IPv4) modules for matching/changing IP packet options
Includes: Includes:
- ipt_dscp - CLASSIFY
- xt_dscp - dscp/DSCP
- xt_DSCP - ecn/ECN
- ipt_ecn - hl/HL (2.6.30 and later)
- ipt_length - length
- xt_length - mark/MARK
- ipt_mark - statistic (2.6)
- xt_mark - tcpmss
- xt_statistic - time
- ipt_tcpmss - tos/TOS (prior to 2.6.25)
- xt_tcpmss - ttl/TTL (prior to 2.6.30)
- ipt_time - unclean
- xt_time
- ipt_unclean
- ipt_CLASSIFY
- xt_CLASSIFY
- ipt_DSCP
- ipt_ECN
- ipt_MARK
- xt_MARK
- xt_tos
- xt_TOS
- xt_hl
- xt_HL
endef endef
$(eval $(call KernelPackage,ipt-ipopt)) $(eval $(call KernelPackage,ipt-ipopt))
@ -158,10 +138,9 @@ endef
define KernelPackage/ipt-ipsec/description define KernelPackage/ipt-ipsec/description
Netfilter (IPv4) modules for matching IPSec packets Netfilter (IPv4) modules for matching IPSec packets
Includes: Includes:
- ipt_ah - ah
- ipt_esp - esp
- xt_esp - policy (2.6)
- xt_policy
endef endef
$(eval $(call KernelPackage,ipt-ipsec)) $(eval $(call KernelPackage,ipt-ipsec))
@ -195,7 +174,7 @@ endef
define KernelPackage/ipt-nat-extra/description define KernelPackage/ipt-nat-extra/description
Netfilter (IPv4) kernel modules for extra NAT targets Netfilter (IPv4) kernel modules for extra NAT targets
Includes: Includes:
- MIRROR - MIRROR (2.4)
- NETMAP - NETMAP
- REDIRECT - REDIRECT
endef endef
@ -214,17 +193,9 @@ endef
define KernelPackage/ipt-nathelper/description define KernelPackage/ipt-nathelper/description
Default Netfilter (IPv4) Conntrack and NAT helpers Default Netfilter (IPv4) Conntrack and NAT helpers
Includes: Includes:
- ip_conntrack_ftp - ftp
- ip_nat_ftp - irc
- nf_conntrack_ftp - tftp
- nf_nat_ftp
- ip_conntrack_irc
- ip_nat_irc
- nf_conntrack_irc
- nf_nat_irc
- ip_conntrack_tftp
- nf_conntrack_tftp
- nf_nat_tftp
endef endef
$(eval $(call KernelPackage,ipt-nathelper)) $(eval $(call KernelPackage,ipt-nathelper))
@ -241,33 +212,14 @@ endef
define KernelPackage/ipt-nathelper-extra/description define KernelPackage/ipt-nathelper-extra/description
Extra Netfilter (IPv4) Conntrack and NAT helpers Extra Netfilter (IPv4) Conntrack and NAT helpers
Includes: Includes:
- ip_conntrack_amanda - amanda
- nf_conntrack_amanda - h323
- nf_nat_amanda - mms
- ip_conntrack_proto_gre - pptp (2.6)
- ip_nat_proto_gre - proto_gre (2.6)
- nf_conntrack_proto_gre - rtsp
- nf_nat_proto_gre - sip (2.6)
- ip_conntrack_h323 - snmp_basic
- ip_nat_h323
- nf_conntrack_h323
- nf_nat_h323
- ip_conntrack_mms
- ip_nat_mms
- ip_conntrack_pptp
- ip_nat_pptp
- nf_conntrack_pptp
- nf_nat_pptp
- ip_conntrack_rtsp
- ip_nat_rtsp
- nf_conntrack_rtsp
- nf_nat_rtsp
- ip_conntrack_sip
- ip_nat_sip
- nf_conntrack_sip
- nf_nat_sip
- ip_nat_snmp_basic
- nf_nat_snmp_basic
endef endef
$(eval $(call KernelPackage,ipt-nathelper-extra)) $(eval $(call KernelPackage,ipt-nathelper-extra))
@ -325,7 +277,7 @@ endef
define KernelPackage/ipt-ulog/description define KernelPackage/ipt-ulog/description
Netfilter (IPv4) module for user-space packet logging Netfilter (IPv4) module for user-space packet logging
Includes: Includes:
- ipt_ULOG - ULOG
endef endef
$(eval $(call KernelPackage,ipt-ulog)) $(eval $(call KernelPackage,ipt-ulog))
@ -342,7 +294,7 @@ endef
define KernelPackage/ipt-iprange/description define KernelPackage/ipt-iprange/description
Netfilter (IPv4) module for matching ip ranges Netfilter (IPv4) module for matching ip ranges
Includes: Includes:
- ipt_IPRANGE - iprange
endef endef
$(eval $(call KernelPackage,ipt-iprange)) $(eval $(call KernelPackage,ipt-iprange))
@ -359,12 +311,11 @@ endef
define KernelPackage/ipt-extra/description define KernelPackage/ipt-extra/description
Other Netfilter (IPv4) kernel modules Other Netfilter (IPv4) kernel modules
Includes: Includes:
- ipt_condition - condition (2.4 only)
- ipt_owner - owner
- xt_physdev - physdev (if bridge support was enabled in kernel)
- ipt_pkttype - pkttype
- xt_pkttype - quota
- xt_quota
endef endef
$(eval $(call KernelPackage,ipt-extra)) $(eval $(call KernelPackage,ipt-extra))
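Review bot: The rewritten `Includes:` lists in the ipt-nathelper and ipt-nathelper-extra descriptions name protocols (`ftp`, `irc`, `tftp`, `sip`, `snmp_basic`) where the old text named modules, so someone auditing which conntrack and NAT helper modules a package installs can no longer read that off the description. One added line per description pointing at the matching `nf_add` list (IPT_NATHELPER, IPT_NATHELPER_EXTRA) as the authoritative module list would keep the short form without losing that information. The kernel-version annotations are also written several ways: `(2.4)`, `(2.4 only)`, `(prior to 2.6.25)` and `(2.6.30 and later)`. Picking one form, e.g. `(2.4 only)` for MIRROR as is already done for condition, would also settle whether a bare `(2.6)` means 2.6 only or 2.6 and later.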