netfilter: separate packages for kmod-ipt-socket and kmod-ipt-tproxy

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
This commit is contained in:
Yousong Zhou 2022-02-24 05:44:49 +00:00
parent 9c335accfe
commit 4f443c885d
2 changed files with 45 additions and 7 deletions

View File

@ -239,14 +239,15 @@ $(eval $(call nf_add,IPT_NFQUEUE,CONFIG_NETFILTER_XT_TARGET_NFQUEUE, $(P_XT)xt_N
$(eval $(call nf_add,IPT_DEBUG,CONFIG_NETFILTER_XT_TARGET_TRACE, $(P_XT)xt_TRACE)) $(eval $(call nf_add,IPT_DEBUG,CONFIG_NETFILTER_XT_TARGET_TRACE, $(P_XT)xt_TRACE))
# tproxy # socket
$(eval $(call nf_add,NF_SOCKET,CONFIG_NF_SOCKET_IPV4, $(P_V4)nf_socket_ipv4))
$(eval $(call nf_add,NF_SOCKET,CONFIG_NF_SOCKET_IPV6, $(P_V6)nf_socket_ipv6))
$(eval $(call nf_add,IPT_SOCKET,CONFIG_NETFILTER_XT_MATCH_SOCKET, $(P_XT)xt_socket))
$(eval $(call nf_add,IPT_TPROXY,CONFIG_NETFILTER_XT_MATCH_SOCKET, $(P_XT)xt_socket)) # tproxy
$(eval $(call nf_add,IPT_TPROXY,CONFIG_NF_SOCKET_IPV4, $(P_V4)nf_socket_ipv4)) $(eval $(call nf_add,NF_TPROXY,CONFIG_NF_TPROXY_IPV4, $(P_V4)nf_tproxy_ipv4))
$(eval $(call nf_add,IPT_TPROXY,CONFIG_NF_SOCKET_IPV6, $(P_V6)nf_socket_ipv6)) $(eval $(call nf_add,NF_TPROXY,CONFIG_NF_TPROXY_IPV6, $(P_V6)nf_tproxy_ipv6))
$(eval $(call nf_add,IPT_TPROXY,CONFIG_NETFILTER_XT_TARGET_TPROXY, $(P_XT)xt_TPROXY)) $(eval $(call nf_add,IPT_TPROXY,CONFIG_NETFILTER_XT_TARGET_TPROXY, $(P_XT)xt_TPROXY))
$(eval $(call nf_add,IPT_TPROXY,CONFIG_NF_TPROXY_IPV4, $(P_V4)nf_tproxy_ipv4))
$(eval $(call nf_add,IPT_TPROXY,CONFIG_NF_TPROXY_IPV6, $(P_V6)nf_tproxy_ipv6))
# led # led
$(eval $(call nf_add,IPT_LED,CONFIG_NETFILTER_XT_TARGET_LED, $(P_XT)xt_LED)) $(eval $(call nf_add,IPT_LED,CONFIG_NETFILTER_XT_TARGET_LED, $(P_XT)xt_LED))

View File

@ -162,6 +162,28 @@ endef
$(eval $(call KernelPackage,nf-flow)) $(eval $(call KernelPackage,nf-flow))
define KernelPackage/nf-socket
SUBMENU:=$(NF_MENU)
TITLE:=Netfilter socket lookup support
KCONFIG:= $(KCOFNIG_NF_SOCKET)
FILES:=$(foreach mod,$(NF_SOCKET-m),$(LINUX_DIR)/net/$(mod).ko)
AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_SOCKET-m)))
endef
$(eval $(call KernelPackage,nf-socket))
define KernelPackage/nf-tproxy
SUBMENU:=$(NF_MENU)
TITLE:=Netfilter tproxy support
KCONFIG:= $(KCOFNIG_NF_TPROXY)
FILES:=$(foreach mod,$(NF_TPROXY-m),$(LINUX_DIR)/net/$(mod).ko)
AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_TPROXY-m)))
endef
$(eval $(call KernelPackage,nf-tproxy))
define AddDepends/ipt define AddDepends/ipt
SUBMENU:=$(NF_MENU) SUBMENU:=$(NF_MENU)
DEPENDS+= +kmod-ipt-core $(1) DEPENDS+= +kmod-ipt-core $(1)
@ -645,9 +667,24 @@ endef
$(eval $(call KernelPackage,ipt-led)) $(eval $(call KernelPackage,ipt-led))
define KernelPackage/ipt-socket
TITLE:=Iptables socket matching support
DEPENDS+=+kmod-nf-socket +kmod-nf-conntrack
KCONFIG:=$(KCONFIG_IPT_SOCKET)
FILES:=$(foreach mod,$(IPT_SOCKET-m),$(LINUX_DIR)/net/$(mod).ko)
AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_SOCKET-m)))
$(call AddDepends/ipt)
endef
define KernelPackage/ipt-socket/description
Kernel modules for socket matching
endef
$(eval $(call KernelPackage,ipt-socket))
define KernelPackage/ipt-tproxy define KernelPackage/ipt-tproxy
TITLE:=Transparent proxying support TITLE:=Transparent proxying support
DEPENDS+=+kmod-ipt-conntrack +IPV6:kmod-nf-conntrack6 +IPV6:kmod-ip6tables DEPENDS+=+kmod-nf-tproxy +kmod-nf-conntrack
KCONFIG:=$(KCONFIG_IPT_TPROXY) KCONFIG:=$(KCONFIG_IPT_TPROXY)
FILES:=$(foreach mod,$(IPT_TPROXY-m),$(LINUX_DIR)/net/$(mod).ko) FILES:=$(foreach mod,$(IPT_TPROXY-m),$(LINUX_DIR)/net/$(mod).ko)
AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_TPROXY-m))) AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_TPROXY-m)))