backport netfilter modules split introduced by changeset:2083 in whiterussian (fix...
authorNicolas Thill <nico@openwrt.org>
Fri, 11 Nov 2005 18:59:20 +0000 (18:59 +0000)
committerNicolas Thill <nico@openwrt.org>
Fri, 11 Nov 2005 18:59:20 +0000 (18:59 +0000)
SVN-Revision: 2430

15 files changed:
openwrt/target/linux/Config.in
openwrt/target/linux/control/kmod-imq.control [new file with mode: 0644]
openwrt/target/linux/control/kmod-ipt-conntrack.control [new file with mode: 0644]
openwrt/target/linux/control/kmod-ipt-extra.control [new file with mode: 0644]
openwrt/target/linux/control/kmod-ipt-filter.control [new file with mode: 0644]
openwrt/target/linux/control/kmod-ipt-ipopt.control [new file with mode: 0644]
openwrt/target/linux/control/kmod-ipt-ipsec.control [new file with mode: 0644]
openwrt/target/linux/control/kmod-ipt-nat-extra.control [new file with mode: 0644]
openwrt/target/linux/control/kmod-ipt-nat.control [new file with mode: 0644]
openwrt/target/linux/control/kmod-ipt-queue.control [new file with mode: 0644]
openwrt/target/linux/control/kmod-ipt-ulog.control [new file with mode: 0644]
openwrt/target/linux/linux-2.4/Makefile
openwrt/target/linux/linux-2.6/Makefile
openwrt/target/linux/netfilter.mk [new file with mode: 0644]
openwrt/target/linux/rules.mk

index ba8e4113c3a5970a549b0b94c6c7e091e893deb7..cd7febae71dd1efd36a8eae0e0ab186227771fb4 100644 (file)
@@ -188,21 +188,141 @@ config BR2_PACKAGE_KMOD_EBTABLES
        help
          Kernel modules for bridge firewalling
 
-config BR2_PACKAGE_KMOD_IPTABLES_V4
-       prompt "kmod-iptables..................... Basic set of kernel modules for iptables"
+config BR2_PACKAGE_KMOD_IPTABLES
+       prompt "kmod-iptables..................... Core Netfilter modules for IPv4 firewalling"
        tristate
        default y
        help
          Kernel modules for IPv4 firewalling
 
-config BR2_PACKAGE_KMOD_IPTABLES_V4_EXTRA
-       prompt "kmod-iptables-extra............... Extra modules for iptables"
+config BR2_PACKAGE_KMOD_IPTABLES_EXTRA
+       prompt "kmod-iptables-extra............... Extra Netfilter modules for IPv4 firewalling (meta-package)"
        tristate
        default m
+       select BR2_PACKAGE_KMOD_IPT_CONNTRACK
+       select BR2_PACKAGE_KMOD_IPT_FILTER
+       select BR2_PACKAGE_KMOD_IPT_IPOPT
+       select BR2_PACKAGE_KMOD_IPT_IPSEC
+       select BR2_PACKAGE_KMOD_IPT_NAT
+       select BR2_PACKAGE_KMOD_IPT_NAT_EXTRA
+       select BR2_PACKAGE_KMOD_IPT_QUEUE
+       select BR2_PACKAGE_KMOD_IPT_ULOG
+       select BR2_PACKAGE_KMOD_IPT_EXTRA
        help
-         Extra kernel modules for IPv4 firewalling
+         Extra Netfilter kernel modules for IPv4 firewalling (meta-package)
 
-config BR2_PACKAGE_KMOD_IPTABLES_V6
+config BR2_PACKAGE_KMOD_IPT_CONNTRACK
+       prompt "kmod-ipt-conntrack................ Netfilter modules for connection tracking"
+       tristate
+       default m
+       help
+         Netfilter (IPv4) kernel modules for connection tracking
+
+         Includes:
+           * ipt_conntrack
+           * ipt_helper
+           * ipt_connmark/CONNMARK
+
+config BR2_PACKAGE_KMOD_IPT_FILTER
+       prompt "kmod-ipt-filter................... Netfilter modules for packet content inspection"
+       tristate
+       default m
+       help
+         Netfilter (IPv4) kernel modules for packet content inspection
+
+         Includes:
+           * ipt_ipp2p
+           * ipt_layer7
+
+config BR2_PACKAGE_KMOD_IPT_IPOPT
+       prompt "kmod-ipt-ipopt.................... Netfilter modules for matching/changing IP packet options"
+       tristate
+       default m
+       help
+         Netfilter (IPv4) kernel modules for matching/changing IP packet options
+         
+         Includes:
+           * ipt_dscp/DSCP
+           * ipt_ecn/ECN
+           * ipt_length
+           * ipt_mac
+           * ipt_tos/TOS
+           * ipt_tcpmms
+           * ipt_ttl/TTL
+           * ipt_unclean
+
+config BR2_PACKAGE_KMOD_IPT_IPSEC
+       prompt "kmod-ipt-ipsec.................... Netfilter modules for matching IPsec packets"
+       tristate
+       default m
+       help
+         Netfilter (IPv4) kernel modules for matching IPsec packets
+         
+         Includes:
+           * ipt_ah
+           * ipt_esp
+
+config BR2_PACKAGE_KMOD_IPT_NAT
+       prompt "kmod-ipt-nat...................... Netfilter modules for different NAT targets"
+       tristate
+       default m
+       help
+         Netfilter (IPv4) kernel modules for different NAT targets
+
+         Includes: 
+           * ipt_REDIRECT
+
+config BR2_PACKAGE_KMOD_IPT_NAT_EXTRA
+       prompt "kmod-ipt-nat-extra................ Extra Netfilter NAT modules for special protocols"
+       tristate
+       default m
+       help
+         Extra Netfilter (IPv4) NAT kernel modules for special protocols
+         
+         Includes:
+           * ip_conntrack_amanda
+           * ip_conntrack_proto_gre
+           * ip_nat_proto_gre
+           * ip_conntrack_pptp
+           * ip_nat_pptp
+           * ip_nat_snmp_basic
+           * ip_conntrack_tftp
+
+config BR2_PACKAGE_KMOD_IPT_QUEUE
+       prompt "kmod-ipt-queue.................... Netfilter module for user-space packet queueing"
+       tristate
+       default m
+       help
+         Netfilter (IPv4) module for user-space packet queueing
+         
+         Includes:
+           * ipt_QUEUE
+
+config BR2_PACKAGE_KMOD_IPT_ULOG
+       prompt "kmod-ipt-ulog..................... Netfilter module for user-space packet logging"
+       tristate
+       default m
+       help
+         Netfilter (IPv4) module for user-space packet logging
+         
+         Includes:
+           * ipt_ULOG
+
+config BR2_PACKAGE_KMOD_IPT_EXTRA
+       prompt "kmod-ipt-extra.................... Other extra Netfilter modules"
+       tristate
+       default m
+       help
+         Other extra Netfilter (IPv4) kernel modules
+
+         Includes:
+           * ipt_limit
+           * ipt_owner
+           * ipt_physdev
+           * ipt_pkttype
+           * ipt_recent
+
+config BR2_PACKAGE_KMOD_IP6TABLES
        prompt "kmod-ip6tables.................... Kernel modules for ip6tables"
        tristate
        default m
diff --git a/openwrt/target/linux/control/kmod-imq.control b/openwrt/target/linux/control/kmod-imq.control
new file mode 100644 (file)
index 0000000..78925a4
--- /dev/null
@@ -0,0 +1,4 @@
+Package: kmod-imq
+Priority: optional
+Section: net
+Description: Kernel support for the Intermediate Queueing device
diff --git a/openwrt/target/linux/control/kmod-ipt-conntrack.control b/openwrt/target/linux/control/kmod-ipt-conntrack.control
new file mode 100644 (file)
index 0000000..3528ec4
--- /dev/null
@@ -0,0 +1,4 @@
+Package: kmod-ipt-conntrack
+Priority: optional
+Section: net
+Description: Extra Netfilter (IPv4) kernel modules for connection tracking
diff --git a/openwrt/target/linux/control/kmod-ipt-extra.control b/openwrt/target/linux/control/kmod-ipt-extra.control
new file mode 100644 (file)
index 0000000..d336cc3
--- /dev/null
@@ -0,0 +1,4 @@
+Package: kmod-ipt-extra
+Priority: optional
+Section: net
+Description: Other extra Netfilter (IPv4) kernel modules
diff --git a/openwrt/target/linux/control/kmod-ipt-filter.control b/openwrt/target/linux/control/kmod-ipt-filter.control
new file mode 100644 (file)
index 0000000..8f5684d
--- /dev/null
@@ -0,0 +1,4 @@
+Package: kmod-ipt-filter
+Priority: optional
+Section: net
+Description: Netfilter (IPv4) kernel modules for packet content inspection
diff --git a/openwrt/target/linux/control/kmod-ipt-ipopt.control b/openwrt/target/linux/control/kmod-ipt-ipopt.control
new file mode 100644 (file)
index 0000000..f0c9856
--- /dev/null
@@ -0,0 +1,4 @@
+Package: kmod-ipt-ipopt
+Priority: optional
+Section: net
+Description: Netfilter (IPv4) kernel modules for matching/changing IP packet options
diff --git a/openwrt/target/linux/control/kmod-ipt-ipsec.control b/openwrt/target/linux/control/kmod-ipt-ipsec.control
new file mode 100644 (file)
index 0000000..6baa3d4
--- /dev/null
@@ -0,0 +1,4 @@
+Package: kmod-ipt-ipsec
+Priority: optional
+Section: net
+Description: Netfilter (IPv4) kernel modules for matching special IPsec packets
diff --git a/openwrt/target/linux/control/kmod-ipt-nat-extra.control b/openwrt/target/linux/control/kmod-ipt-nat-extra.control
new file mode 100644 (file)
index 0000000..84b4294
--- /dev/null
@@ -0,0 +1,4 @@
+Package: kmod-ipt-nat-extra
+Priority: optional
+Section: net
+Description: Extra Netfilter (IPv4) NAT kernel modules for special protocols
diff --git a/openwrt/target/linux/control/kmod-ipt-nat.control b/openwrt/target/linux/control/kmod-ipt-nat.control
new file mode 100644 (file)
index 0000000..89fc843
--- /dev/null
@@ -0,0 +1,4 @@
+Package: kmod-ipt-nat
+Priority: optional
+Section: net
+Description: Netfilter (IPv4) kernel modules for different NAT targets
diff --git a/openwrt/target/linux/control/kmod-ipt-queue.control b/openwrt/target/linux/control/kmod-ipt-queue.control
new file mode 100644 (file)
index 0000000..ba96eb5
--- /dev/null
@@ -0,0 +1,4 @@
+Package: kmod-ipt-queue
+Priority: optional
+Section: net
+Description: Netfilter (IPv4) kernel module for user-space packet queuing
diff --git a/openwrt/target/linux/control/kmod-ipt-ulog.control b/openwrt/target/linux/control/kmod-ipt-ulog.control
new file mode 100644 (file)
index 0000000..2ce0fdc
--- /dev/null
@@ -0,0 +1,4 @@
+Package: kmod-ipt-ulog
+Priority: optional
+Section: net
+Description: Netfilter (IPv4) kernel module for user-space packet logging
index 76e5268a58630c62a587c684363cda26aa2b349c..5a16a7ed6a8292d740be3933e23d56015bfae2b8 100644 (file)
@@ -50,6 +50,7 @@ ifeq ($(BOARD),ar7)
 include ./ar7.mk
 endif
 
+include ../netfilter.mk
 
 # Networking
 
@@ -62,6 +63,11 @@ $(eval $(call KMOD_template,GRE,gre,\
        $(MODULES_DIR)/kernel/net/ipv4/ip_gre.o \
 ,CONFIG_NET_IPGRE))
 
+$(eval $(call KMOD_template,IMQ,imq,\
+       $(MODULES_DIR)/kernel/net/*/netfilter/*IMQ*.o \
+       $(MODULES_DIR)/kernel/drivers/net/imq.o \
+))
+
 $(eval $(call KMOD_template,IPV6,ipv6,\
        $(MODULES_DIR)/kernel/net/ipv6/ipv6.o \
 ,CONFIG_IPV6,,20,ipv6))
@@ -107,11 +113,47 @@ $(eval $(call KMOD_template,EBTABLES,ebtables,\
        $(MODULES_DIR)/kernel/net/bridge/netfilter/*.o \
 ,CONFIG_BRIDGE_NF_EBTABLES))
 
-$(eval $(call KMOD_template,IPTABLES_V4_EXTRA,iptables-extra,\
-       $(MODULES_DIR)/kernel/net/ipv4/netfilter/ip*.o \
+# metapackage for compatibility ...
+$(eval $(call KMOD_template,IPTABLES_EXTRA,iptables-extra,\
+,,kmod-ipt-conntrack kmod-ipt-extra kmod-ipt-filter kmod-ipt-ipopt kmod-ipt-ipsec kmod-ipt-nat kmod-ipt-nat-extra kmod-ipt-queue kmod-ipt-ulogd))
+
+$(eval $(call KMOD_template,IPT_CONNTRACK,ipt-conntrack,\
+       $(foreach mod,$(IPKG_KMOD_IPT_CONNTRACK-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).o) \
+))
+
+$(eval $(call KMOD_template,IPT_EXTRA,ipt-extra,\
+       $(foreach mod,$(IPKG_KMOD_IPT_EXTRA-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).o) \
+))
+
+$(eval $(call KMOD_template,IPT_FILTER,ipt-filter,\
+       $(foreach mod,$(IPKG_KMOD_IPT_FILTER-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).o) \
+))
+
+$(eval $(call KMOD_template,IPT_IPOPT,ipt-ipopt,\
+       $(foreach mod,$(IPKG_KMOD_IPT_IPOPT-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).o) \
+))
+
+$(eval $(call KMOD_template,IPT_IPSEC,ipt-ipsec,\
+       $(foreach mod,$(IPKG_KMOD_IPT_IPSEC-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).o) \
+))
+
+$(eval $(call KMOD_template,IPT_NAT,ipt-nat,\
+       $(foreach mod,$(IPKG_KMOD_IPT_NAT-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).o) \
+))
+
+$(eval $(call KMOD_template,IPT_NAT_EXTRA,ipt-nat-extra,\
+       $(foreach mod,$(IPKG_KMOD_IPT_NAT_EXTRA-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).o) \
+,,,40,$(IPKG_KMOD_IPT_NAT_EXTRA-m)))
+
+$(eval $(call KMOD_template,IPT_QUEUE,ipt-queue,\
+       $(foreach mod,$(IPKG_KMOD_IPT_QUEUE-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).o) \
+))
+
+$(eval $(call KMOD_template,IPT_ULOG,ipt-ulog,\
+       $(foreach mod,$(IPKG_KMOD_IPT_ULOG-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).o) \
 ))
 
-$(eval $(call KMOD_template,IPTABLES_V6,ip6tables,\
+$(eval $(call KMOD_template,IP6TABLES,ip6tables,\
        $(MODULES_DIR)/kernel/net/ipv6/netfilter/ip*.o \
 ,CONFIG_IP6_NF_IPTABLES,kmod-ipv6))
 
index f0ba690b5584764aab29dfbeafdfad475d647432..8b96ff9bff512df50931da44c602bfa85d17b41f 100644 (file)
@@ -51,6 +51,7 @@ ifeq ($(BOARD),x86)
 include ./x86.mk
 endif
 
+include ../netfilter.mk
 
 # Networking
 
@@ -63,6 +64,11 @@ $(eval $(call KMOD_template,GRE,gre,\
        $(MODULES_DIR)/kernel/net/ipv4/ip_gre.ko \
 ,CONFIG_NET_IPGRE))
 
+$(eval $(call KMOD_template,IMQ,imq,\
+       $(MODULES_DIR)/kernel/net/*/netfilter/*IMQ*.ko \
+       $(MODULES_DIR)/kernel/drivers/net/imq.ko \
+))
+
 $(eval $(call KMOD_template,IPV6,ipv6,\
        $(MODULES_DIR)/kernel/net/ipv6/ipv6.ko \
 ,CONFIG_IPV6,,20,ipv6))
@@ -105,11 +111,47 @@ $(eval $(call KMOD_template,EBTABLES,ebtables,\
        $(MODULES_DIR)/kernel/net/bridge/netfilter/*.ko \
 ,CONFIG_BRIDGE_NF_EBTABLES))
 
-$(eval $(call KMOD_template,IPTABLES_V4_EXTRA,iptables-extra,\
-       $(MODULES_DIR)/kernel/net/ipv4/netfilter/ip*.ko \
+# metapackage for compatibility ...
+$(eval $(call KMOD_template,IPTABLES_EXTRA,iptables-extra,\
+,,kmod-ipt-conntrack kmod-ipt-extra kmod-ipt-filter kmod-ipt-ipopt kmod-ipt-ipsec kmod-ipt-nat kmod-ipt-nat-extra kmod-ipt-queue kmod-ipt-ulogd))
+
+$(eval $(call KMOD_template,IPT_CONNTRACK,ipt-conntrack,\
+       $(foreach mod,$(IPKG_KMOD_IPT_CONNTRACK-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).ko) \
+))
+
+$(eval $(call KMOD_template,IPT_EXTRA,ipt-extra,\
+       $(foreach mod,$(IPKG_KMOD_IPT_EXTRA-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).ko) \
+))
+
+$(eval $(call KMOD_template,IPT_FILTER,ipt-filter,\
+       $(foreach mod,$(IPKG_KMOD_IPT_FILTER-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).ko) \
+))
+
+$(eval $(call KMOD_template,IPT_IPOPT,ipt-ipopt,\
+       $(foreach mod,$(IPKG_KMOD_IPT_IPOPT-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).ko) \
+))
+
+$(eval $(call KMOD_template,IPT_IPSEC,ipt-ipsec,\
+       $(foreach mod,$(IPKG_KMOD_IPT_IPSEC-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).ko) \
+))
+
+$(eval $(call KMOD_template,IPT_NAT,ipt-nat,\
+       $(foreach mod,$(IPKG_KMOD_IPT_NAT-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).ko) \
+))
+
+$(eval $(call KMOD_template,IPT_NAT_EXTRA,ipt-nat-extra,\
+       $(foreach mod,$(IPKG_KMOD_IPT_NAT_EXTRA-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).ko) \
+,,,40,$(IPKG_KMOD_IPT_NAT_EXTRA-m)))
+
+$(eval $(call KMOD_template,IPT_QUEUE,ipt-queue,\
+       $(foreach mod,$(IPKG_KMOD_IPT_QUEUE-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).ko) \
+))
+
+$(eval $(call KMOD_template,IPT_ULOG,ipt-ulog,\
+       $(foreach mod,$(IPKG_KMOD_IPT_ULOG-m),$(MODULES_DIR)/kernel/net/ipv4/netfilter/$(mod).ko) \
 ))
 
-$(eval $(call KMOD_template,IPTABLES_V6,ip6tables,\
+$(eval $(call KMOD_template,IP6TABLES,ip6tables,\
        $(MODULES_DIR)/kernel/net/ipv6/netfilter/ip*.ko \
 ,CONFIG_IP6_NF_IPTABLES,kmod-ipv6))
 
diff --git a/openwrt/target/linux/netfilter.mk b/openwrt/target/linux/netfilter.mk
new file mode 100644 (file)
index 0000000..64f4ced
--- /dev/null
@@ -0,0 +1,136 @@
+# $Id: netfilter.mk 2411 2005-11-11 03:41:43Z nico $
+
+#
+# kernel modules
+#
+
+IPKG_KMOD_IPT_CONNTRACK-m :=
+IPKG_KMOD_IPT_CONNTRACK-$(CONFIG_IP_NF_MATCH_CONNTRACK) += ipt_conntrack
+IPKG_KMOD_IPT_CONNTRACK-$(CONFIG_IP_NF_MATCH_HELPER) += ipt_helper
+IPKG_KMOD_IPT_CONNTRACK-$(CONFIG_IP_NF_MATCH_CONNMARK) += ipt_connmark
+IPKG_KMOD_IPT_CONNTRACK-$(CONFIG_IP_NF_TARGET_CONNMARK) += ipt_CONNMARK
+IPKG_KMOD_IPT_CONNTRACK-$(CONFIG_IP_NF_MATCH_STATE) += ipt_state
+
+IPKG_KMOD_IPT_EXTRA-m :=
+IPKG_KMOD_IPT_EXTRA-$(CONFIG_IP_NF_MATCH_LIMIT) += ipt_limit
+IPKG_KMOD_IPT_EXTRA-$(CONFIG_IP_NF_TARGET_LOG) += ipt_LOG
+IPKG_KMOD_IPT_EXTRA-$(CONFIG_IP_NF_MATCH_MULTIPORT) += multiport
+IPKG_KMOD_IPT_EXTRA-$(CONFIG_IP_NF_MATCH_OWNER) += ipt_owner
+IPKG_KMOD_IPT_EXTRA-$(CONFIG_IP_NF_MATCH_PHYSDEV) += ipt_physdev
+IPKG_KMOD_IPT_EXTRA-$(CONFIG_IP_NF_MATCH_PKTTYPE) += ipt_pkttype
+IPKG_KMOD_IPT_EXTRA-$(CONFIG_IP_NF_MATCH_RECENT) += ipt_recent
+IPKG_KMOD_IPT_EXTRA-$(CONFIG_IP_NF_TARGET_REJECT) += ipt_REJECT
+
+IPKG_KMOD_IPT_FILTER-m :=
+IPKG_KMOD_IPT_FILTER-$(CONFIG_IP_NF_MATCH_IPP2P) += ipt_ipp2p
+IPKG_KMOD_IPT_FILTER-$(CONFIG_IP_NF_MATCH_LAYER7) += ipt_layer7
+
+IPKG_KMOD_IPT_IPOPT-m :=
+IPKG_KMOD_IPT_IPOPT-$(CONFIG_IP_NF_MATCH_DSCP) += ipt_dscp
+IPKG_KMOD_IPT_IPOPT-$(CONFIG_IP_NF_TARGET_DSCP) += ipt_DSCP
+IPKG_KMOD_IPT_IPOPT-$(CONFIG_IP_NF_MATCH_ECN) += ipt_ecn
+IPKG_KMOD_IPT_IPOPT-$(CONFIG_IP_NF_TARGET_ECN) += ipt_ECN
+IPKG_KMOD_IPT_IPOPT-$(CONFIG_IP_NF_MATCH_LENGTH) += ipt_length
+IPKG_KMOD_IPT_IPOPT-$(CONFIG_IP_NF_MATCH_MAC) += ipt_mac
+IPKG_KMOD_IPT_IPOPT-$(CONFIG_IP_NF_MATCH_MARK) += ipt_mark
+IPKG_KMOD_IPT_IPOPT-$(CONFIG_IP_NF_TARGET_MARK) += ipt_MARK
+IPKG_KMOD_IPT_IPOPT-$(CONFIG_IP_NF_MATCH_TCPMSS) += ipt_tcpmss
+IPKG_KMOD_IPT_IPOPT-$(CONFIG_IP_NF_TARGET_TCPMSS) += ipt_TCPMSS
+IPKG_KMOD_IPT_IPOPT-$(CONFIG_IP_NF_MATCH_TOS) += ipt_tos
+IPKG_KMOD_IPT_IPOPT-$(CONFIG_IP_NF_TARGET_TOS) += ipt_TOS
+IPKG_KMOD_IPT_IPOPT-$(CONFIG_IP_NF_MATCH_TTL) += ipt_ttl
+IPKG_KMOD_IPT_IPOPT-$(CONFIG_IP_NF_TARGET_TTL) += ipt_TTL
+IPKG_KMOD_IPT_IPOPT-$(CONFIG_IP_NF_MATCH_UNCLEAN) += ipt_unclean
+
+IPKG_KMOD_IPT_IPSEC-m :=
+IPKG_KMOD_IPT_IPSEC-$(CONFIG_IP_NF_MATCH_AH_ESP) += ipt_ah ipt_esp
+
+IPKG_KMOD_IPT_NAT-m :=
+IPKG_KMOD_IPT_NAT-$(CONFIG_IP_NF_TARGET_MASQUERADE) += ipt_MASQUERADE
+IPKG_KMOD_IPT_NAT-$(CONFIG_IP_NF_TARGET_MIRROR) += ipt_MIRROR
+IPKG_KMOD_IPT_NAT-$(CONFIG_IP_NF_TARGET_REDIRECT) += ipt_REDIRECT
+
+IPKG_KMOD_IPT_NAT_EXTRA-m := 
+IPKG_KMOD_IPT_NAT_EXTRA-$(CONFIG_IP_NF_AMANDA) += ip_conntrack_amanda
+IPKG_KMOD_IPT_NAT_EXTRA-$(CONFIG_IP_NF_CT_PROTO_GRE) += ip_conntrack_proto_gre
+IPKG_KMOD_IPT_NAT_EXTRA-$(CONFIG_IP_NF_NAT_PROTO_GRE) += ip_nat_proto_gre
+IPKG_KMOD_IPT_NAT_EXTRA-$(CONFIG_IP_NF_PPTP) += ip_conntrack_pptp
+IPKG_KMOD_IPT_NAT_EXTRA-$(CONFIG_IP_NF_NAT_PPTP) += ip_nat_pptp
+IPKG_KMOD_IPT_NAT_EXTRA-$(CONFIG_IP_NF_NAT_SNMP_BASIC) += ip_nat_snmp_basic
+IPKG_KMOD_IPT_NAT_EXTRA-$(CONFIG_IP_NF_TFTP) += ip_conntrack_tftp
+
+IPKG_KMOD_IPT_QUEUE-m :=
+IPKG_KMOD_IPT_QUEUE-$(CONFIG_IP_NF_QUEUE) += ip_queue
+
+IPKG_KMOD_IPT_ULOG-m :=
+IPKG_KMOD_IPT_ULOG-$(CONFIG_IP_NF_TARGET_ULOG) += ipt_ULOG
+
+
+#
+# iptables extensions
+#
+
+IPKG_IPTABLES-y := ipt_standard
+IPKG_IPTABLES-y := ipt_icmp ipt_tcp ipt_udp
+
+IPKG_IPTABLES_MOD_CONNTRACK-m :=
+IPKG_IPTABLES_MOD_CONNTRACK-$(CONFIG_IP_NF_MATCH_CONNMARK) += ipt_connmark
+IPKG_IPTABLES_MOD_CONNTRACK-$(CONFIG_IP_NF_TARGET_CONNMARK) += ipt_CONNMARK
+IPKG_IPTABLES_MOD_CONNTRACK-$(CONFIG_IP_NF_MATCH_CONNTRACK) += ipt_conntrack
+IPKG_IPTABLES_MOD_CONNTRACK-$(CONFIG_IP_NF_MATCH_HELPER) += ipt_helper
+IPKG_IPTABLES_MOD_CONNTRACK-$(CONFIG_IP_NF_MATCH_STATE) += ipt_state
+
+IPKG_IPTABLES_MOD_EXTRA-m :=
+IPKG_IPTABLES_MOD_EXTRA-$(CONFIG_IP_NF_MATCH_LIMIT) += ipt_limit
+IPKG_IPTABLES_MOD_EXTRA-$(CONFIG_IP_NF_TARGET_LOG) += ipt_LOG
+IPKG_IPTABLES_MOD_EXTRA-$(CONFIG_IP_NF_MATCH_MULTIPORT) += ipt_multiport
+IPKG_IPTABLES_MOD_EXTRA-$(CONFIG_IP_NF_MATCH_OWNER) += ipt_owner
+IPKG_IPTABLES_MOD_EXTRA-$(CONFIG_IP_NF_MATCH_PHYSDEV) += ipt_physdev
+IPKG_IPTABLES_MOD_EXTRA-$(CONFIG_IP_NF_MATCH_PKTTYPE) += ipt_pkttype
+IPKG_IPTABLES_MOD_EXTRA-$(CONFIG_IP_NF_MATCH_RECENT) += ipt_recent
+IPKG_IPTABLES_MOD_EXTRA-$(CONFIG_IP_NF_TARGET_REJECT) += ipt_REJECT
+
+IPKG_IPTABLES_MOD_FILTER-m :=
+IPKG_IPTABLES_MOD_FILTER-$(CONFIG_IP_NF_MATCH_IPP2P) += ipt_ipp2p
+IPKG_IPTABLES_MOD_FILTER-$(CONFIG_IP_NF_MATCH_LAYER7) += ipt_layer7
+
+IPKG_IPTABLES_MOD_IMQ-m :=
+IPKG_IPTABLES_MOD_IMQ-$(CONFIG_IP_NF_TARGET_IMQ) += ipt_IMQ
+
+IPKG_IPTABLES_MOD_IPOPT-m :=
+IPKG_IPTABLES_MOD_IPOPT-$(CONFIG_IP_NF_MATCH_DSCP) += ipt_dscp
+IPKG_IPTABLES_MOD_IPOPT-$(CONFIG_IP_NF_TARGET_DSCP) += ipt_DSCP
+IPKG_IPTABLES_MOD_IPOPT-$(CONFIG_IP_NF_MATCH_ECN) += ipt_ecn
+IPKG_IPTABLES_MOD_IPOPT-$(CONFIG_IP_NF_TARGET_ECN) += ipt_ECN
+IPKG_IPTABLES_MOD_IPOPT-$(CONFIG_IP_NF_MATCH_LENGTH) += ipt_length
+IPKG_IPTABLES_MOD_IPOPT-$(CONFIG_IP_NF_MATCH_MAC) += ipt_mac
+IPKG_IPTABLES_MOD_IPOPT-$(CONFIG_IP_NF_MATCH_MARK) += ipt_mark
+IPKG_IPTABLES_MOD_IPOPT-$(CONFIG_IP_NF_TARGET_MARK) += ipt_MARK
+IPKG_IPTABLES_MOD_IPOPT-$(CONFIG_IP_NF_MATCH_TCPMSS) += ipt_tcpmss
+IPKG_IPTABLES_MOD_IPOPT-$(CONFIG_IP_NF_TARGET_TCPMSS) += ipt_TCPMSS
+IPKG_IPTABLES_MOD_IPOPT-$(CONFIG_IP_NF_MATCH_TOS) += ipt_tos
+IPKG_IPTABLES_MOD_IPOPT-$(CONFIG_IP_NF_TARGET_TOS) += ipt_TOS
+IPKG_IPTABLES_MOD_IPOPT-$(CONFIG_IP_NF_MATCH_TTL) += ipt_ttl
+IPKG_IPTABLES_MOD_IPOPT-$(CONFIG_IP_NF_TARGET_TTL) += ipt_TTL
+IPKG_IPTABLES_MOD_IPOPT-$(CONFIG_IP_NF_MATCH_UNCLEAN) += ipt_unclean
+
+IPKG_IPTABLES_MOD_IPSEC-m :=
+IPKG_IPTABLES_MOD_IPSEC-$(CONFIG_IP_NF_MATCH_AH_ESP) += ipt_ah ipt_esp
+
+IPKG_IPTABLES_MOD_NAT-m :=
+IPKG_IPTABLES_MOD_NAT-$(CONFIG_IP_NF_NAT) += ipt_SNAT ipt_DNAT
+IPKG_IPTABLES_MOD_NAT-$(CONFIG_IP_NF_TARGET_MASQUERADE) += ipt_MASQUERADE
+IPKG_IPTABLES_MOD_NAT-$(CONFIG_IP_NF_TARGET_MIRROR) += ipt_MIRROR
+IPKG_IPTABLES_MOD_NAT-$(CONFIG_IP_NF_TARGET_REDIRECT) += ipt_REDIRECT
+
+IPKG_IPTABLES_MOD_ULOG-m :=
+IPKG_IPTABLES_MOD_ULOG-$(CONFIG_IP_NF_TARGET_ULOG) += ipt_ULOG
+
+IPKG_IPTABLES-y += $(IPKG_IPTABLES_MOD_CONNTRACK-y)
+IPKG_IPTABLES-y += $(IPKG_IPTABLES_MOD_EXTRA-y)
+IPKG_IPTABLES-y += $(IPKG_IPTABLES_MOD_FILTER-y)
+IPKG_IPTABLES-y += $(IPKG_IPTABLES_MOD_IMQ-y)
+IPKG_IPTABLES-y += $(IPKG_IPTABLES_MOD_IPOPT-y)
+IPKG_IPTABLES-y += $(IPKG_IPTABLES_MOD_IPSEC-y)
+IPKG_IPTABLES-y += $(IPKG_IPTABLES_MOD_NAT-y)
+IPKG_IPTABLES-y += $(IPKG_IPTABLES_MOD_ULOG-y)
index f7e108658c1e3d6da8f4b72f9e5f5f8b93a59ad8..be151ea10f5ba7e94a3e89dc173e95741f21b33e 100644 (file)
@@ -37,10 +37,12 @@ endif
 
 $$(PKG_$(1)): $(LINUX_DIR)/.modules_done
        rm -rf $$(I_$(1))
-       mkdir -p $$(I_$(1))/lib/modules/$(LINUX_VERSION)
        $(SCRIPT_DIR)/make-ipkg-dir.sh $$(I_$(1)) ../control/kmod-$(2).control $(LINUX_VERSION)-$(BOARD)-$(PKG_RELEASE) $(ARCH)
        echo "Depends: $$(IDEPEND_$(1))" >> $$(I_$(1))/CONTROL/control
+ifneq ($(strip $(3)),)
+       mkdir -p $$(I_$(1))/lib/modules/$(LINUX_VERSION)
        cp $(3) $$(I_$(1))/lib/modules/$(LINUX_VERSION)
+endif
 ifneq ($(6),)
        mkdir -p $$(I_$(1))/etc/modules.d
        for module in $(7); do \