mirror of
git://projects.qi-hardware.com/openwrt-xburst.git
synced 2024-11-24 00:14:05 +02:00
[backfire] netfilter: backport r20690, r20693 & r20694
git-svn-id: svn://svn.openwrt.org/openwrt/branches/backfire@20695 3c298f89-4303-0410-b956-a3cf2f4a3e73
This commit is contained in:
nico
parent
d4ddb74f18
commit
c260242659
@ -1,5 +1,5 @@
|
||||
#
|
||||
# Copyright (C) 2006-2008 OpenWrt.org
|
||||
# Copyright (C) 2006-2010 OpenWrt.org
|
||||
#
|
||||
# This is free software, licensed under the GNU General Public License v2.
|
||||
# See /LICENSE for more information.
|
||||
@ -29,41 +29,6 @@ $(eval $(if $(NF_KMOD),$(call nf_add,IPT_CORE,CONFIG_IP_NF_IPTABLES, $(P_V4)ip_t
|
||||
$(eval $(if $(NF_KMOD),$(call nf_add,IPT_CORE,CONFIG_IP_NF_FILTER, $(P_V4)iptable_filter),))
|
||||
$(eval $(if $(NF_KMOD),$(call nf_add,IPT_CORE,CONFIG_IP_NF_MANGLE, $(P_V4)iptable_mangle),))
|
||||
|
||||
#
|
||||
# ebtables
|
||||
#
|
||||
|
||||
$(eval $(if $(NF_KMOD),$(call nf_add,EBTABLES,CONFIG_BRIDGE_NF_EBTABLES, $(P_EBT)ebtables),))
|
||||
|
||||
# ebtables: tables
|
||||
$(eval $(call nf_add,EBTABLES,CONFIG_BRIDGE_EBT_BROUTE, $(P_EBT)ebtable_broute))
|
||||
$(eval $(call nf_add,EBTABLES,CONFIG_BRIDGE_EBT_T_FILTER, $(P_EBT)ebtable_filter))
|
||||
$(eval $(call nf_add,EBTABLES,CONFIG_BRIDGE_EBT_T_NAT, $(P_EBT)ebtable_nat))
|
||||
|
||||
# ebtables: matches
|
||||
$(eval $(call nf_add,EBTABLES,CONFIG_BRIDGE_EBT_802_3, $(P_EBT)ebt_802_3))
|
||||
$(eval $(call nf_add,EBTABLES,CONFIG_BRIDGE_EBT_AMONG, $(P_EBT)ebt_among))
|
||||
$(eval $(call nf_add,EBTABLES_IP4,CONFIG_BRIDGE_EBT_ARP, $(P_EBT)ebt_arp))
|
||||
$(eval $(call nf_add,EBTABLES_IP4,CONFIG_BRIDGE_EBT_IP, $(P_EBT)ebt_ip))
|
||||
$(eval $(call nf_add,EBTABLES_IP6,CONFIG_BRIDGE_EBT_IP6, $(P_EBT)ebt_ip6))
|
||||
$(eval $(call nf_add,EBTABLES,CONFIG_BRIDGE_EBT_LIMIT, $(P_EBT)ebt_limit))
|
||||
$(eval $(call nf_add,EBTABLES,CONFIG_BRIDGE_EBT_MARK, $(P_EBT)ebt_mark_m))
|
||||
$(eval $(call nf_add,EBTABLES,CONFIG_BRIDGE_EBT_PKTTYPE, $(P_EBT)ebt_pkttype))
|
||||
$(eval $(call nf_add,EBTABLES,CONFIG_BRIDGE_EBT_STP, $(P_EBT)ebt_stp))
|
||||
$(eval $(call nf_add,EBTABLES,CONFIG_BRIDGE_EBT_VLAN, $(P_EBT)ebt_vlan))
|
||||
|
||||
# targets
|
||||
$(eval $(call nf_add,EBTABLES_IP4,CONFIG_BRIDGE_EBT_ARPREPLY, $(P_EBT)ebt_arpreply))
|
||||
$(eval $(call nf_add,EBTABLES,CONFIG_BRIDGE_EBT_MARK_T, $(P_EBT)ebt_mark))
|
||||
$(eval $(call nf_add,EBTABLES_IP4,CONFIG_BRIDGE_EBT_DNAT, $(P_EBT)ebt_dnat))
|
||||
$(eval $(call nf_add,EBTABLES,CONFIG_BRIDGE_EBT_REDIRECT, $(P_EBT)ebt_redirect))
|
||||
$(eval $(call nf_add,EBTABLES_IP4,CONFIG_BRIDGE_EBT_SNAT, $(P_EBT)ebt_snat))
|
||||
|
||||
# watchers
|
||||
$(eval $(call nf_add,EBTABLES_WATCHERS,CONFIG_BRIDGE_EBT_LOG, $(P_EBT)ebt_log))
|
||||
$(eval $(call nf_add,EBTABLES_WATCHERS,CONFIG_BRIDGE_EBT_ULOG, $(P_EBT)ebt_ulog))
|
||||
$(eval $(call nf_add,EBTABLES_WATCHERS,CONFIG_BRIDGE_EBT_NFLOG, $(P_EBT)ebt_nflog))
|
||||
|
||||
# userland only
|
||||
$(eval $(if $(NF_KMOD),,$(call nf_add,IPT_CORE,CONFIG_IP_NF_IPTABLES, xt_standard ipt_icmp xt_tcp xt_udp xt_comment)))
|
||||
|
||||
@ -120,10 +85,11 @@ $(eval $(call nf_add,IPT_CONNTRACK_EXTRA,CONFIG_NETFILTER_XT_TARGET_CONNMARK, $(
|
||||
|
||||
$(eval $(call nf_add,IPT_EXTRA,CONFIG_IP_NF_MATCH_CONDITION, $(P_V4)ipt_condition))
|
||||
$(eval $(call nf_add,IPT_EXTRA,CONFIG_IP_NF_MATCH_OWNER, $(P_V4)ipt_owner))
|
||||
$(eval $(call nf_add,IPT_EXTRA,CONFIG_NETFILTER_XT_MATCH_OWNER, $(P_XT)xt_owner))
|
||||
$(eval $(call nf_add,IPT_EXTRA,CONFIG_NETFILTER_XT_MATCH_PHYSDEV, $(P_XT)xt_physdev))
|
||||
$(eval $(call nf_add,IPT_EXTRA,CONFIG_IP_NF_MATCH_PKTTYPE, $(P_V4)ipt_pkttype))
|
||||
$(eval $(call nf_add,IPT_EXTRA,CONFIG_NETFILTER_XT_MATCH_PKTTYPE, $(P_XT)xt_pkttype))
|
||||
#$(eval $(call nf_add,IPT_EXTRA,CONFIG_IP_NF_MATCH_QUOTA, $(P_V4)ipt_quota))
|
||||
$(eval $(call nf_add,IPT_EXTRA,CONFIG_IP_NF_MATCH_QUOTA, $(P_V4)ipt_quota))
|
||||
$(eval $(call nf_add,IPT_EXTRA,CONFIG_NETFILTER_XT_MATCH_QUOTA, $(P_XT)xt_quota))
|
||||
|
||||
#$(eval $(call nf_add,IPT_EXTRA,CONFIG_IP_NF_TARGET_ROUTE, $(P_V4)ipt_ROUTE))
|
||||
@ -257,6 +223,7 @@ $(eval $(call nf_add,IPT_NATHELPER,CONFIG_IP_NF_NAT_IRC, $(P_V4)ip_nat_irc))
|
||||
$(eval $(call nf_add,IPT_NATHELPER,CONFIG_NF_CONNTRACK_IRC, $(P_XT)nf_conntrack_irc))
|
||||
$(eval $(call nf_add,IPT_NATHELPER,CONFIG_NF_NAT_IRC, $(P_V4)nf_nat_irc))
|
||||
$(eval $(call nf_add,IPT_NATHELPER,CONFIG_IP_NF_TFTP, $(P_V4)ip_conntrack_tftp))
|
||||
$(eval $(call nf_add,IPT_NATHELPER,CONFIG_IP_NF_NAT_TFTP, $(P_V4)ip_nat_tftp))
|
||||
$(eval $(call nf_add,IPT_NATHELPER,CONFIG_NF_CONNTRACK_TFTP, $(P_XT)nf_conntrack_tftp))
|
||||
$(eval $(call nf_add,IPT_NATHELPER,CONFIG_NF_NAT_TFTP, $(P_V4)nf_nat_tftp))
|
||||
|
||||
@ -264,6 +231,7 @@ $(eval $(call nf_add,IPT_NATHELPER,CONFIG_NF_NAT_TFTP, $(P_V4)nf_nat_tftp))
|
||||
# nathelper-extra
|
||||
|
||||
$(eval $(call nf_add,IPT_NATHELPER_EXTRA,CONFIG_IP_NF_AMANDA, $(P_V4)ip_conntrack_amanda))
|
||||
$(eval $(call nf_add,IPT_NATHELPER_EXTRA,CONFIG_IP_NF_NAT_AMANDA, $(P_V4)ip_nat_amanda))
|
||||
$(eval $(call nf_add,IPT_NATHELPER_EXTRA,CONFIG_NF_CONNTRACK_AMANDA, $(P_XT)nf_conntrack_amanda))
|
||||
$(eval $(call nf_add,IPT_NATHELPER_EXTRA,CONFIG_NF_NAT_AMANDA, $(P_V4)nf_nat_amanda))
|
||||
$(eval $(call nf_add,IPT_NATHELPER_EXTRA,CONFIG_IP_NF_CT_PROTO_GRE, $(P_V4)ip_conntrack_proto_gre))
|
||||
@ -302,6 +270,42 @@ $(eval $(call nf_add,IPT_QUEUE,CONFIG_IP_NF_QUEUE, $(P_V4)ip_queue))
|
||||
$(eval $(call nf_add,IPT_ULOG,CONFIG_IP_NF_TARGET_ULOG, $(P_V4)ipt_ULOG))
|
||||
|
||||
|
||||
#
|
||||
# ebtables
|
||||
#
|
||||
|
||||
$(eval $(if $(NF_KMOD),$(call nf_add,EBTABLES,CONFIG_BRIDGE_NF_EBTABLES, $(P_EBT)ebtables),))
|
||||
|
||||
# ebtables: tables
|
||||
$(eval $(call nf_add,EBTABLES,CONFIG_BRIDGE_EBT_BROUTE, $(P_EBT)ebtable_broute))
|
||||
$(eval $(call nf_add,EBTABLES,CONFIG_BRIDGE_EBT_T_FILTER, $(P_EBT)ebtable_filter))
|
||||
$(eval $(call nf_add,EBTABLES,CONFIG_BRIDGE_EBT_T_NAT, $(P_EBT)ebtable_nat))
|
||||
|
||||
# ebtables: matches
|
||||
$(eval $(call nf_add,EBTABLES,CONFIG_BRIDGE_EBT_802_3, $(P_EBT)ebt_802_3))
|
||||
$(eval $(call nf_add,EBTABLES,CONFIG_BRIDGE_EBT_AMONG, $(P_EBT)ebt_among))
|
||||
$(eval $(call nf_add,EBTABLES_IP4,CONFIG_BRIDGE_EBT_ARP, $(P_EBT)ebt_arp))
|
||||
$(eval $(call nf_add,EBTABLES_IP4,CONFIG_BRIDGE_EBT_IP, $(P_EBT)ebt_ip))
|
||||
$(eval $(call nf_add,EBTABLES_IP6,CONFIG_BRIDGE_EBT_IP6, $(P_EBT)ebt_ip6))
|
||||
$(eval $(call nf_add,EBTABLES,CONFIG_BRIDGE_EBT_LIMIT, $(P_EBT)ebt_limit))
|
||||
$(eval $(call nf_add,EBTABLES,CONFIG_BRIDGE_EBT_MARK, $(P_EBT)ebt_mark_m))
|
||||
$(eval $(call nf_add,EBTABLES,CONFIG_BRIDGE_EBT_PKTTYPE, $(P_EBT)ebt_pkttype))
|
||||
$(eval $(call nf_add,EBTABLES,CONFIG_BRIDGE_EBT_STP, $(P_EBT)ebt_stp))
|
||||
$(eval $(call nf_add,EBTABLES,CONFIG_BRIDGE_EBT_VLAN, $(P_EBT)ebt_vlan))
|
||||
|
||||
# targets
|
||||
$(eval $(call nf_add,EBTABLES_IP4,CONFIG_BRIDGE_EBT_ARPREPLY, $(P_EBT)ebt_arpreply))
|
||||
$(eval $(call nf_add,EBTABLES,CONFIG_BRIDGE_EBT_MARK_T, $(P_EBT)ebt_mark))
|
||||
$(eval $(call nf_add,EBTABLES_IP4,CONFIG_BRIDGE_EBT_DNAT, $(P_EBT)ebt_dnat))
|
||||
$(eval $(call nf_add,EBTABLES,CONFIG_BRIDGE_EBT_REDIRECT, $(P_EBT)ebt_redirect))
|
||||
$(eval $(call nf_add,EBTABLES_IP4,CONFIG_BRIDGE_EBT_SNAT, $(P_EBT)ebt_snat))
|
||||
|
||||
# watchers
|
||||
$(eval $(call nf_add,EBTABLES_WATCHERS,CONFIG_BRIDGE_EBT_LOG, $(P_EBT)ebt_log))
|
||||
$(eval $(call nf_add,EBTABLES_WATCHERS,CONFIG_BRIDGE_EBT_ULOG, $(P_EBT)ebt_ulog))
|
||||
$(eval $(call nf_add,EBTABLES_WATCHERS,CONFIG_BRIDGE_EBT_NFLOG, $(P_EBT)ebt_nflog))
|
||||
|
||||
|
||||
# userland only
|
||||
IPT_BUILTIN += $(IPT_CORE-y) $(IPT_CORE-m)
|
||||
IPT_BUILTIN += $(IPT_CONNTRACK-y)
|
||||
|
||||
@ -21,18 +21,13 @@ endef
|
||||
define KernelPackage/ipt-core/description
|
||||
Netfilter core kernel modules
|
||||
Includes:
|
||||
- ipt_limit
|
||||
- xt_limit
|
||||
- ipt_mac
|
||||
- xt_mac
|
||||
- ipt_multiport
|
||||
- xt_multiport
|
||||
- ipt_comment
|
||||
- xt_comment
|
||||
- ipt_LOG
|
||||
- ipt_TCPMSS
|
||||
- xt_TCPMSS
|
||||
- ipt_REJECT
|
||||
- comment (2.6)
|
||||
- limit
|
||||
- LOG
|
||||
- mac
|
||||
- multiport
|
||||
- REJECT
|
||||
- TCPMSS
|
||||
endef
|
||||
|
||||
$(eval $(call KernelPackage,ipt-core))
|
||||
@ -56,11 +51,10 @@ define KernelPackage/ipt-conntrack/description
|
||||
Netfilter (IPv4) kernel modules for connection tracking
|
||||
Includes:
|
||||
- conntrack
|
||||
- defrag
|
||||
- defrag (2.6)
|
||||
- iptables_raw
|
||||
- NOTRACK
|
||||
- state
|
||||
- xt_NOTRACK
|
||||
endef
|
||||
|
||||
$(eval $(call KernelPackage,ipt-conntrack))
|
||||
@ -98,10 +92,8 @@ endef
|
||||
define KernelPackage/ipt-filter/description
|
||||
Netfilter (IPv4) kernel modules for packet content inspection
|
||||
Includes:
|
||||
- ipt_layer7
|
||||
- ipt_string
|
||||
- xt_layer7
|
||||
- xt_string
|
||||
- layer7
|
||||
- string
|
||||
endef
|
||||
|
||||
$(eval $(call KernelPackage,ipt-filter))
|
||||
@ -118,30 +110,18 @@ endef
|
||||
define KernelPackage/ipt-ipopt/description
|
||||
Netfilter (IPv4) modules for matching/changing IP packet options
|
||||
Includes:
|
||||
- ipt_dscp
|
||||
- xt_dscp
|
||||
- xt_DSCP
|
||||
- ipt_ecn
|
||||
- ipt_length
|
||||
- xt_length
|
||||
- ipt_mark
|
||||
- xt_mark
|
||||
- xt_statistic
|
||||
- ipt_tcpmss
|
||||
- xt_tcpmss
|
||||
- ipt_time
|
||||
- xt_time
|
||||
- ipt_unclean
|
||||
- ipt_CLASSIFY
|
||||
- xt_CLASSIFY
|
||||
- ipt_DSCP
|
||||
- ipt_ECN
|
||||
- ipt_MARK
|
||||
- xt_MARK
|
||||
- xt_tos
|
||||
- xt_TOS
|
||||
- xt_hl
|
||||
- xt_HL
|
||||
- CLASSIFY
|
||||
- dscp/DSCP
|
||||
- ecn/ECN
|
||||
- hl/HL (2.6.30 and later)
|
||||
- length
|
||||
- mark/MARK
|
||||
- statistic (2.6)
|
||||
- tcpmss
|
||||
- time
|
||||
- tos/TOS (prior to 2.6.25)
|
||||
- ttl/TTL (prior to 2.6.30)
|
||||
- unclean
|
||||
endef
|
||||
|
||||
$(eval $(call KernelPackage,ipt-ipopt))
|
||||
@ -158,10 +138,9 @@ endef
|
||||
define KernelPackage/ipt-ipsec/description
|
||||
Netfilter (IPv4) modules for matching IPSec packets
|
||||
Includes:
|
||||
- ipt_ah
|
||||
- ipt_esp
|
||||
- xt_esp
|
||||
- xt_policy
|
||||
- ah
|
||||
- esp
|
||||
- policy (2.6)
|
||||
endef
|
||||
|
||||
$(eval $(call KernelPackage,ipt-ipsec))
|
||||
@ -195,7 +174,7 @@ endef
|
||||
define KernelPackage/ipt-nat-extra/description
|
||||
Netfilter (IPv4) kernel modules for extra NAT targets
|
||||
Includes:
|
||||
- MIRROR
|
||||
- MIRROR (2.4)
|
||||
- NETMAP
|
||||
- REDIRECT
|
||||
endef
|
||||
@ -214,17 +193,9 @@ endef
|
||||
define KernelPackage/ipt-nathelper/description
|
||||
Default Netfilter (IPv4) Conntrack and NAT helpers
|
||||
Includes:
|
||||
- ip_conntrack_ftp
|
||||
- ip_nat_ftp
|
||||
- nf_conntrack_ftp
|
||||
- nf_nat_ftp
|
||||
- ip_conntrack_irc
|
||||
- ip_nat_irc
|
||||
- nf_conntrack_irc
|
||||
- nf_nat_irc
|
||||
- ip_conntrack_tftp
|
||||
- nf_conntrack_tftp
|
||||
- nf_nat_tftp
|
||||
- ftp
|
||||
- irc
|
||||
- tftp
|
||||
endef
|
||||
|
||||
$(eval $(call KernelPackage,ipt-nathelper))
|
||||
@ -241,33 +212,14 @@ endef
|
||||
define KernelPackage/ipt-nathelper-extra/description
|
||||
Extra Netfilter (IPv4) Conntrack and NAT helpers
|
||||
Includes:
|
||||
- ip_conntrack_amanda
|
||||
- nf_conntrack_amanda
|
||||
- nf_nat_amanda
|
||||
- ip_conntrack_proto_gre
|
||||
- ip_nat_proto_gre
|
||||
- nf_conntrack_proto_gre
|
||||
- nf_nat_proto_gre
|
||||
- ip_conntrack_h323
|
||||
- ip_nat_h323
|
||||
- nf_conntrack_h323
|
||||
- nf_nat_h323
|
||||
- ip_conntrack_mms
|
||||
- ip_nat_mms
|
||||
- ip_conntrack_pptp
|
||||
- ip_nat_pptp
|
||||
- nf_conntrack_pptp
|
||||
- nf_nat_pptp
|
||||
- ip_conntrack_rtsp
|
||||
- ip_nat_rtsp
|
||||
- nf_conntrack_rtsp
|
||||
- nf_nat_rtsp
|
||||
- ip_conntrack_sip
|
||||
- ip_nat_sip
|
||||
- nf_conntrack_sip
|
||||
- nf_nat_sip
|
||||
- ip_nat_snmp_basic
|
||||
- nf_nat_snmp_basic
|
||||
- amanda
|
||||
- h323
|
||||
- mms
|
||||
- pptp (2.6)
|
||||
- proto_gre (2.6)
|
||||
- rtsp
|
||||
- sip (2.6)
|
||||
- snmp_basic
|
||||
endef
|
||||
|
||||
$(eval $(call KernelPackage,ipt-nathelper-extra))
|
||||
@ -325,7 +277,7 @@ endef
|
||||
define KernelPackage/ipt-ulog/description
|
||||
Netfilter (IPv4) module for user-space packet logging
|
||||
Includes:
|
||||
- ipt_ULOG
|
||||
- ULOG
|
||||
endef
|
||||
|
||||
$(eval $(call KernelPackage,ipt-ulog))
|
||||
@ -342,7 +294,7 @@ endef
|
||||
define KernelPackage/ipt-iprange/description
|
||||
Netfilter (IPv4) module for matching ip ranges
|
||||
Includes:
|
||||
- ipt_IPRANGE
|
||||
- iprange
|
||||
endef
|
||||
|
||||
$(eval $(call KernelPackage,ipt-iprange))
|
||||
@ -359,12 +311,11 @@ endef
|
||||
define KernelPackage/ipt-extra/description
|
||||
Other Netfilter (IPv4) kernel modules
|
||||
Includes:
|
||||
- ipt_condition
|
||||
- ipt_owner
|
||||
- xt_physdev
|
||||
- ipt_pkttype
|
||||
- xt_pkttype
|
||||
- xt_quota
|
||||
- condition (2.4 only)
|
||||
- owner
|
||||
- physdev (if bridge support was enabled in kernel)
|
||||
- pkttype
|
||||
- quota
|
||||
endef
|
||||
|
||||
$(eval $(call KernelPackage,ipt-extra))
|
||||
|
||||
Loading…
Reference in New Issue
Block a user