From 4f443c885dede3331b969e6265a41a0ff1e3059a Mon Sep 17 00:00:00 2001
From: Yousong Zhou
Date: Thu, 24 Feb 2022 05:44:49 +0000
Subject: [PATCH] netfilter: separate packages for kmod-ipt-socket and kmod-ipt-tproxy
Signed-off-by: Yousong Zhou
---
 include/netfilter.mk | 13 ++++----
 package/kernel/linux/modules/netfilter.mk | 39 ++++++++++++++++++++++-
 2 files changed, 45 insertions(+), 7 deletions(-)
diff --git a/include/netfilter.mk b/include/netfilter.mk
index 4602a1d412..751fabef19 100644
--- a/include/netfilter.mk
+++ b/include/netfilter.mk
@@ -239,14 +239,15 @@ $(eval $(call nf_add,IPT_NFQUEUE,CONFIG_NETFILTER_XT_TARGET_NFQUEUE, $(P_XT)xt_N
 $(eval $(call nf_add,IPT_DEBUG,CONFIG_NETFILTER_XT_TARGET_TRACE, $(P_XT)xt_TRACE))
-# tproxy
+# socket
+$(eval $(call nf_add,NF_SOCKET,CONFIG_NF_SOCKET_IPV4, $(P_V4)nf_socket_ipv4))
+$(eval $(call nf_add,NF_SOCKET,CONFIG_NF_SOCKET_IPV6, $(P_V6)nf_socket_ipv6))
+$(eval $(call nf_add,IPT_SOCKET,CONFIG_NETFILTER_XT_MATCH_SOCKET, $(P_XT)xt_socket))
-$(eval $(call nf_add,IPT_TPROXY,CONFIG_NETFILTER_XT_MATCH_SOCKET, $(P_XT)xt_socket))
-$(eval $(call nf_add,IPT_TPROXY,CONFIG_NF_SOCKET_IPV4, $(P_V4)nf_socket_ipv4))
-$(eval $(call nf_add,IPT_TPROXY,CONFIG_NF_SOCKET_IPV6, $(P_V6)nf_socket_ipv6))
+# tproxy
+$(eval $(call nf_add,NF_TPROXY,CONFIG_NF_TPROXY_IPV4, $(P_V4)nf_tproxy_ipv4))
+$(eval $(call nf_add,NF_TPROXY,CONFIG_NF_TPROXY_IPV6, $(P_V6)nf_tproxy_ipv6))
 $(eval $(call nf_add,IPT_TPROXY,CONFIG_NETFILTER_XT_TARGET_TPROXY, $(P_XT)xt_TPROXY))
-$(eval $(call nf_add,IPT_TPROXY,CONFIG_NF_TPROXY_IPV4, $(P_V4)nf_tproxy_ipv4))
-$(eval $(call nf_add,IPT_TPROXY,CONFIG_NF_TPROXY_IPV6, $(P_V6)nf_tproxy_ipv6))
 # led
 $(eval $(call nf_add,IPT_LED,CONFIG_NETFILTER_XT_TARGET_LED, $(P_XT)xt_LED))
diff --git a/package/kernel/linux/modules/netfilter.mk b/package/kernel/linux/modules/netfilter.mk
index 75a06fb651..85780306f3 100644
--- a/package/kernel/linux/modules/netfilter.mk
+++ b/package/kernel/linux/modules/netfilter.mk
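Review bot: Moving `xt_socket` and the `nf_socket_*` / `nf_tproxy_*` modules out of the `IPT_TPROXY` group changes what every consumer of `IPT_TPROXY-m` receives, and the new `NF_SOCKET` / `NF_TPROXY` groups carry no comment saying which package picks them up. The kernel packages in this patch are adjusted to match, but any other list built from `IPT_TPROXY-m` outside this diff (for example a userspace extension list, if one exists) would silently lose the socket match, so a tree-wide grep for `IPT_TPROXY` is worth doing before merge. I would also extend the two section comments to `# socket (nf_socket_* -> kmod-nf-socket, xt_socket -> kmod-ipt-socket)` and `# tproxy (nf_tproxy_* -> kmod-nf-tproxy, xt_TPROXY -> kmod-ipt-tproxy)`.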
@@ -162,6 +162,28 @@ endef
 $(eval $(call KernelPackage,nf-flow))
+define KernelPackage/nf-socket
+ SUBMENU:=$(NF_MENU)
+ TITLE:=Netfilter socket lookup support
+ KCONFIG:= $(KCOFNIG_NF_SOCKET)
+ FILES:=$(foreach mod,$(NF_SOCKET-m),$(LINUX_DIR)/net/$(mod).ko)
+ AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_SOCKET-m)))
+endef
+
+$(eval $(call KernelPackage,nf-socket))
+
+
+define KernelPackage/nf-tproxy
+ SUBMENU:=$(NF_MENU)
+ TITLE:=Netfilter tproxy support
+ KCONFIG:= $(KCOFNIG_NF_TPROXY)
+ FILES:=$(foreach mod,$(NF_TPROXY-m),$(LINUX_DIR)/net/$(mod).ko)
+ AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_TPROXY-m)))
+endef
+
+$(eval $(call KernelPackage,nf-tproxy))
+
+
 define AddDepends/ipt
 SUBMENU:=$(NF_MENU)
 DEPENDS+= +kmod-ipt-core $(1)
@@ -645,9 +667,24 @@ endef
 $(eval $(call KernelPackage,ipt-led))
+define KernelPackage/ipt-socket
+ TITLE:=Iptables socket matching support
+ DEPENDS+=+kmod-nf-socket +kmod-nf-conntrack
+ KCONFIG:=$(KCONFIG_IPT_SOCKET)
+ FILES:=$(foreach mod,$(IPT_SOCKET-m),$(LINUX_DIR)/net/$(mod).ko)
+ AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_SOCKET-m)))
+ $(call AddDepends/ipt)
+endef
+
+define KernelPackage/ipt-socket/description
+ Kernel modules for socket matching
+endef
+
+$(eval $(call KernelPackage,ipt-socket))
+
 define KernelPackage/ipt-tproxy
 TITLE:=Transparent proxying support
- DEPENDS+=+kmod-ipt-conntrack +IPV6:kmod-nf-conntrack6 +IPV6:kmod-ip6tables
+ DEPENDS+=+kmod-nf-tproxy +kmod-nf-conntrack
 KCONFIG:=$(KCONFIG_IPT_TPROXY)
 FILES:=$(foreach mod,$(IPT_TPROXY-m),$(LINUX_DIR)/net/$(mod).ko)
 AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_TPROXY-m)))
-- 
2.30.2
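Review bot: `KCONFIG:= $(KCOFNIG_NF_SOCKET)` in `KernelPackage/nf-socket` and `KCONFIG:= $(KCOFNIG_NF_TPROXY)` in `KernelPackage/nf-tproxy` misspell the variable name (`KCOFNIG` instead of `KCONFIG`). Make expands an undefined variable to the empty string without any diagnostic, so both packages end up with an empty KCONFIG and do not request their `CONFIG_NF_SOCKET_*` / `CONFIG_NF_TPROXY_*` symbols themselves; the modules listed in FILES are then built only if some other selection happens to enable them. The lines should read `KCONFIG:=$(KCONFIG_NF_SOCKET)` and `KCONFIG:=$(KCONFIG_NF_TPROXY)`, matching the `KCONFIG:=$(KCONFIG_IPT_SOCKET)` spelling in the later hunk (this assumes `nf_add` populates `KCONFIG_<group>`, as that usage suggests). A missing module here only shows up later as firewall rules that fail to load, so it is better caught at build time.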
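Review bot: `KernelPackage/ipt-tproxy` no longer ships `xt_socket`, and its new `DEPENDS+=+kmod-nf-tproxy +kmod-nf-conntrack` does not pull in `kmod-ipt-socket`, so an existing image that selects only kmod-ipt-tproxy loses the socket match after this change. Rulesets that pair `-m socket` with the TPROXY target would then fail to load, which on a router can leave traffic bypassing the intended proxy or policy path. Either add `+kmod-ipt-socket` to this DEPENDS line for compatibility or state the split in the package description so users know to select both. The same line also drops `+IPV6:kmod-nf-conntrack6 +IPV6:kmod-ip6tables`; please confirm that `xt_TPROXY` still loads on IPv6-enabled builds without them. The `define` continues past the end of the hunk, so the rest of the package is not visible here.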