ExternalVendorCode/openwrt
1
0
Fork 0
mirror of https://github.com/openwrt/openwrt.git synced 2024-12-18 21:28:02 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

netfilter: add kmod-nfnetlink-ct{helper,timeout}

Browse Source 
Add kmod-nfnetlink-ct{helper,timeout} to allow handling firewall rules
in userspace (together with conntrackd). The timeout module allows
specifying custom expiration rules.

Signed-off-by: Joel Low <joel@joelsplace.sg>
This commit is contained in:
Joel Low 2024-12-14 21:39:36 +08:00
parent 15e173bf7e
commit 7e946c4a14
2 changed files with 41 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
config/Config-kernel.in
View File

@ -1239,6 +1239,13 @@ config KERNEL_MPTCP_IPV6
default KERNEL_MPTCP
endif
config KERNEL_NF_CONNTRACK_TIMEOUT
bool "Per-connection connection tracking timeout"
default y if !SMALL_FLASH
help
Select this option to enable support for per-connection conntrack timeouts.
Increases the (uncompressed) size of nf_conntrack.ko by ~8kB.
#
# NFS related symbols
#

34
package/kernel/linux/modules/netfilter.mk
View File

@ -1048,6 +1048,40 @@ endef
$(eval $(call KernelPackage,nfnetlink-queue))
define KernelPackage/nfnetlink-cthelper
TITLE:=Netfilter User space conntrack helpers
FILES:=$(LINUX_DIR)/net/netfilter/nfnetlink_cthelper.ko
KCONFIG:=CONFIG_NF_CT_NETLINK_HELPER
AUTOLOAD:=$(call AutoProbe,nfnetlink_cthelper)
$(call AddDepends/nfnetlink,+kmod-nfnetlink-queue +kmod-nf-conntrack-netlink)
endef
define KernelPackage/nfnetlink-cthelper/description
Kernel modules support for a netlink-based connection tracking
userspace helpers interface
endef
$(eval $(call KernelPackage,nfnetlink-cthelper))
define KernelPackage/nfnetlink-cttimeout
TITLE:=Netfilter conntrack expectation timeout
FILES:=$(LINUX_DIR)/net/netfilter/nfnetlink_cttimeout.ko
KCONFIG:=CONFIG_NF_CT_NETLINK_TIMEOUT
AUTOLOAD:=$(call AutoProbe,nfnetlink_cttimeout)
$(call AddDepends/nfnetlink,+kmod-nf-conntrack +kmod-nf-conntrack-timeout)
endef
define KernelPackage/nfnetlink-cttimeout/description
Kernel modules support for a netlink-based connection tracking
userspace timeout interface
Requires CONFIG_NF_CONNTRACK_TIMEOUT (only enabled for non-small flash devices)
endef
$(eval $(call KernelPackage,nfnetlink-cttimeout))
define KernelPackage/nf-conntrack-netlink
TITLE:=Connection tracking netlink interface
FILES:=$(LINUX_DIR)/net/netfilter/nf_conntrack_netlink.ko