From 7408cdaa310fe75a6da3d4de165d84fcde123c62 Mon Sep 17 00:00:00 2001 From: Alin Nastac Date: Mon, 25 Jun 2018 10:22:21 +0200 Subject: [PATCH] netfilter: add bpf match support Add xt_bpf modules to {kmod-ipt,iptables-mod}-filter. Match using Linux Socket Filter. Expects a BPF program in decimal format. This is the format generated by the nfbpf_compile utility. Signed-off-by: Alin Nastac (backported from ab07ae2f27dd920cb7ba186d9f7ad2ccb1c980c4) --- include/netfilter.mk | 1 + package/kernel/linux/modules/netfilter.mk | 1 + package/network/utils/iptables/Makefile | 1 + 3 files changed, 3 insertions(+) diff --git a/include/netfilter.mk b/include/netfilter.mk index 5d532cea5b2..510aa183ca1 100644 --- a/include/netfilter.mk +++ b/include/netfilter.mk @@ -106,6 +106,7 @@ $(eval $(call nf_add,IPT_PHYSDEV,CONFIG_NETFILTER_XT_MATCH_PHYSDEV, $(P_XT)xt_ph # filter $(eval $(call nf_add,IPT_FILTER,CONFIG_NETFILTER_XT_MATCH_STRING, $(P_XT)xt_string)) +$(eval $(call nf_add,IPT_FILTER,CONFIG_NETFILTER_XT_MATCH_BPF, $(P_XT)xt_bpf)) # ipopt diff --git a/package/kernel/linux/modules/netfilter.mk b/package/kernel/linux/modules/netfilter.mk index 55226bf6295..3d01ccecf85 100644 --- a/package/kernel/linux/modules/netfilter.mk +++ b/package/kernel/linux/modules/netfilter.mk @@ -237,6 +237,7 @@ define KernelPackage/ipt-filter/description Netfilter (IPv4) kernel modules for packet content inspection Includes: - string + - bpf endef $(eval $(call KernelPackage,ipt-filter)) diff --git a/package/network/utils/iptables/Makefile b/package/network/utils/iptables/Makefile index 1d758ed07d7..9c7179c51dc 100644 --- a/package/network/utils/iptables/Makefile +++ b/package/network/utils/iptables/Makefile @@ -150,6 +150,7 @@ Includes support for: Matches: - string + - bpf endef