From 0bf90f2a0da9123618a281959a93004751e4e7d2 Mon Sep 17 00:00:00 2001 From: Nicolas Thill Date: Sun, 23 Sep 2007 17:22:17 +0000 Subject: [PATCH] add ipv6 conntrack support (closes: #2192) SVN-Revision: 8984 --- include/netfilter.mk | 29 +++++++++++++++++++++++++ package/kernel/modules/netfilter.mk | 4 ++-- target/linux/generic-2.6/config-2.6.22 | 5 ++--- target/linux/generic-2.6/config-default | 5 ++--- 4 files changed, 35 insertions(+), 8 deletions(-) diff --git a/include/netfilter.mk b/include/netfilter.mk index 440314dc16f..9ed736aea7d 100644 --- a/include/netfilter.mk +++ b/include/netfilter.mk @@ -11,6 +11,7 @@ __inc_netfilter:=1 ifeq ($(NF_KMOD),1) P_V4:=ipv4/netfilter/ +P_V6:=ipv6/netfilter/ P_XT:=netfilter/ endif @@ -142,6 +143,33 @@ $(eval $(call nf_add,IPT_IPSET,CONFIG_IP_NF_MATCH_SET, $(P_V4)ipt_set)) $(eval $(call nf_add,IPT_IPSET,CONFIG_IP_NF_TARGET_SET, $(P_V4)ipt_SET)) +# IPv6 + +# kernel only +$(eval $(if $(NF_KMOD),$(call nf_add,IPT_IPV6,CONFIG_NF_CONNTRACK_IPV6, $(P_V6)nf_conntrack_ipv6),)) +$(eval $(if $(NF_KMOD),$(call nf_add,IPT_IPV6,CONFIG_IP6_NF_IPTABLES, $(P_V6)ip6_tables),)) +$(eval $(if $(NF_KMOD),$(call nf_add,IPT_IPV6,CONFIG_IP6_NF_FILTER, $(P_V6)ip6table_filter),)) +$(eval $(if $(NF_KMOD),$(call nf_add,IPT_IPV6,CONFIG_IP6_NF_MANGLE, $(P_V6)ip6table_mangle),)) +$(eval $(if $(NF_KMOD),$(call nf_add,IPT_IPV6,CONFIG_IP6_NF_QUEUE, $(P_V6)ip6_queue),)) +$(eval $(if $(NF_KMOD),$(call nf_add,IPT_IPV6,CONFIG_IP6_NF_RAW, $(P_V6)ip6table_raw),)) + +$(eval $(call nf_add,IPT_IPV6,CONFIG_IP6_NF_MATCH_AH, $(P_V6)ip6t_ah)) +$(eval $(call nf_add,IPT_IPV6,CONFIG_IP6_NF_MATCH_EUI64, $(P_V6)ip6t_eui64)) +$(eval $(call nf_add,IPT_IPV6,CONFIG_IP6_NF_MATCH_FRAG, $(P_V6)ip6t_frag)) +$(eval $(call nf_add,IPT_IPV6,CONFIG_IP6_NF_MATCH_HL, $(P_V6)ip6t_hl)) +$(eval $(call nf_add,IPT_IPV6,CONFIG_IP6_NF_MATCH_IPV6HEADER, $(P_V6)ip6t_ipv6header)) +$(eval $(call nf_add,IPT_IPV6,CONFIG_IP6_NF_MATCH_MH, $(P_V6)ip6t_mh)) +$(eval $(call nf_add,IPT_IPV6,CONFIG_IP6_NF_MATCH_OWNER, $(P_V6)ip6t_owner)) +$(eval $(call nf_add,IPT_IPV6,CONFIG_IP6_NF_MATCH_OPTS, $(P_V6)ip6t_hbh)) +$(eval $(call nf_add,IPT_IPV6,CONFIG_IP6_NF_MATCH_RT, $(P_V6)ip6t_rt)) + +$(eval $(call nf_add,IPT_IPV6,CONFIG_IP6_NF_TARGET_HL, $(P_V6)ip6t_HL)) +$(eval $(call nf_add,IPT_IPV6,CONFIG_IP6_NF_TARGET_IMQ, $(P_V6)ip6t_IMQ)) +$(eval $(call nf_add,IPT_IPV6,CONFIG_IP6_NF_TARGET_LOG, $(P_V6)ip6t_LOG)) +$(eval $(call nf_add,IPT_IPV6,CONFIG_IP6_NF_TARGET_REJECT, $(P_V6)ip6t_REJECT)) +$(eval $(call nf_add,IPT_IPV6,CONFIG_IP6_NF_TARGET_ROUTE, $(P_V6)ip6t_ROUTE)) + + # nat # kernel only @@ -226,6 +254,7 @@ IPT_BUILTIN += $(IPT_IPOPT-y) IPT_BUILTIN += $(IPT_IPRANGE-y) IPT_BUILTIN += $(IPT_IPSEC-y) IPT_BUILTIN += $(IPT_IPSET-y) +IPT_BUILTIN += $(IPT_IPV6-y) IPT_BUILTIN += $(IPT_NAT-y) IPT_BUILTIN += $(IPT_ULOG-y) diff --git a/package/kernel/modules/netfilter.mk b/package/kernel/modules/netfilter.mk index 5fe6b57ab60..d25296bec04 100644 --- a/package/kernel/modules/netfilter.mk +++ b/package/kernel/modules/netfilter.mk @@ -259,8 +259,8 @@ define KernelPackage/ip6tables SUBMENU:=$(NF_MENU) TITLE:=IPv6 modules KCONFIG:=CONFIG_IP6_NF_IPTABLES - FILES:=$(LINUX_DIR)/net/ipv6/netfilter/ip*.$(LINUX_KMOD_SUFFIX) - AUTOLOAD:=$(call AutoLoad,40,$(notdir $(patsubst %.ko,%,$(wildcard $(LINUX_DIR)/net/ipv6/netfilter/ip6_*.$(LINUX_KMOD_SUFFIX)) $(wildcard $(LINUX_DIR)/net/ipv6/netfilter/ip6table_*.$(LINUX_KMOD_SUFFIX)) $(wildcard $(LINUX_DIR)/net/ipv6/netfilter/ip6t_*.$(LINUX_KMOD_SUFFIX))))) + FILES:=$(foreach mod,$(IPT_IPV6-m),$(LINUX_DIR)/net/$(mod).$(LINUX_KMOD_SUFFIX)) + AUTOLOAD:=$(call AutoLoad,40,$(notdir $(IPT_IPV6-m))) endef define KernelPackage/ip6tables/description diff --git a/target/linux/generic-2.6/config-2.6.22 b/target/linux/generic-2.6/config-2.6.22 index ba4c5e7ca1d..8fe379c10fc 100644 --- a/target/linux/generic-2.6/config-2.6.22 +++ b/target/linux/generic-2.6/config-2.6.22 @@ -487,8 +487,7 @@ CONFIG_IP6_NF_MATCH_EUI64=m CONFIG_IP6_NF_MATCH_FRAG=m CONFIG_IP6_NF_MATCH_HL=m CONFIG_IP6_NF_MATCH_IPV6HEADER=m -CONFIG_IP6_NF_MATCH_LIMIT=m -# CONFIG_IP6_NF_MATCH_MH is not set +CONFIG_IP6_NF_MATCH_MH=m CONFIG_IP6_NF_MATCH_OPTS=m CONFIG_IP6_NF_MATCH_OWNER=m CONFIG_IP6_NF_MATCH_RT=m @@ -831,7 +830,7 @@ CONFIG_NF_CONNTRACK_ENABLED=y CONFIG_NF_CONNTRACK_FTP=m CONFIG_NF_CONNTRACK_H323=m CONFIG_NF_CONNTRACK_IPV4=y -# CONFIG_NF_CONNTRACK_IPV6 is not set +CONFIG_NF_CONNTRACK_IPV6=m CONFIG_NF_CONNTRACK_IRC=m CONFIG_NF_CONNTRACK_MARK=y # CONFIG_NF_CONNTRACK_NETBIOS_NS is not set diff --git a/target/linux/generic-2.6/config-default b/target/linux/generic-2.6/config-default index 34bc9201b9e..fbedf1acc83 100644 --- a/target/linux/generic-2.6/config-default +++ b/target/linux/generic-2.6/config-default @@ -465,8 +465,7 @@ CONFIG_IP6_NF_MATCH_EUI64=m CONFIG_IP6_NF_MATCH_FRAG=m CONFIG_IP6_NF_MATCH_HL=m CONFIG_IP6_NF_MATCH_IPV6HEADER=m -CONFIG_IP6_NF_MATCH_LIMIT=m -# CONFIG_IP6_NF_MATCH_MH is not set +CONFIG_IP6_NF_MATCH_MH=m CONFIG_IP6_NF_MATCH_OPTS=m CONFIG_IP6_NF_MATCH_OWNER=m CONFIG_IP6_NF_MATCH_RT=m @@ -810,7 +809,7 @@ CONFIG_NF_CONNTRACK_ENABLED=y CONFIG_NF_CONNTRACK_FTP=m CONFIG_NF_CONNTRACK_H323=m CONFIG_NF_CONNTRACK_IPV4=y -# CONFIG_NF_CONNTRACK_IPV6 is not set +CONFIG_NF_CONNTRACK_IPV6=m CONFIG_NF_CONNTRACK_IRC=m CONFIG_NF_CONNTRACK_MARK=y # CONFIG_NF_CONNTRACK_NETBIOS_NS is not set