From effa8fa4fd65c6e341dc4a534871c3c276a5e28e Mon Sep 17 00:00:00 2001
From: Nicolas Thill <nico@openwrt.org>
Date: Sat, 22 Sep 2007 18:37:24 +0000
Subject: add missing 2.6 conntrack/nat helpers, add 2.6 conntrack/nat helper
 for RTSP (closes: #2297, thanks to aorlinsk), sync 2.4 / 2.6 kconfigs.

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@8955 3c298f89-4303-0410-b956-a3cf2f4a3e73
---
 include/netfilter.mk | 40 +++++++++++++++++++++++++++++++++++++---
 1 file changed, 37 insertions(+), 3 deletions(-)

(limited to 'include')

diff --git a/include/netfilter.mk b/include/netfilter.mk
index 0531a6029f..440314dc16 100644
--- a/include/netfilter.mk
+++ b/include/netfilter.mk
@@ -22,6 +22,10 @@ endef
 
 # conntrack
 
+# kernel only
+$(eval $(if $(NF_KMOD),$(call nf_add,IPT_CONNTRACK,CONFIG_NF_CONNTRACK, $(P_XT)nf_conntrack),))
+$(eval $(if $(NF_KMOD),$(call nf_add,IPT_CONNTRACK,CONFIG_NF_CONNTRACK_IPV4, $(P_V4)nf_conntrack_ipv4),))
+
 $(eval $(call nf_add,IPT_CONNTRACK,CONFIG_IP_NF_MATCH_CONNBYTES, $(P_V4)ipt_connbytes))
 $(eval $(call nf_add,IPT_CONNTRACK,CONFIG_NETFILTER_XT_MATCH_CONNBYTES, $(P_XT)xt_connbytes))
 $(eval $(call nf_add,IPT_CONNTRACK,CONFIG_IP_NF_MATCH_CONNMARK, $(P_V4)ipt_connmark))
@@ -43,7 +47,8 @@ $(eval $(call nf_add,IPT_CONNTRACK,CONFIG_NETFILTER_XT_TARGET_NOTRACK, $(P_XT)xt
 
 # extra
 
-$(eval $(if $(NF_KMOD),$(call nf_add,IPT_EXTRA,CONFIG_IP_NF_RAW, $(P_V4)iptable_raw)))
+# kernel only
+$(eval $(if $(NF_KMOD),$(call nf_add,IPT_EXTRA,CONFIG_IP_NF_RAW, $(P_V4)iptable_raw),))
 
 $(eval $(call nf_add,IPT_EXTRA,CONFIG_IP_NF_MATCH_CONDITION, $(P_V4)ipt_condition))
 $(eval $(call nf_add,IPT_EXTRA,CONFIG_IP_NF_MATCH_OWNER, $(P_V4)ipt_owner))
@@ -58,6 +63,7 @@ $(eval $(call nf_add,IPT_EXTRA,CONFIG_NETFILTER_XT_TARGET_CHAOS, $(P_XT)xt_CHAOS
 $(eval $(call nf_add,IPT_EXTRA,CONFIG_NETFILTER_XT_TARGET_DELUDE, $(P_XT)xt_DELUDE))
 $(eval $(call nf_add,IPT_EXTRA,CONFIG_IP_NF_TARGET_LOG, $(P_V4)ipt_LOG))
 $(eval $(call nf_add,IPT_EXTRA,CONFIG_IP_NF_TARGET_REJECT, $(P_V4)ipt_REJECT))
+#$(eval $(call nf_add,IPT_EXTRA,CONFIG_IP_NF_TARGET_ROUTE, $(P_V4)ipt_ROUTE))
 
 
 # filter
@@ -117,6 +123,7 @@ $(eval $(call nf_add,IPT_IPRANGE,CONFIG_IP_NF_MATCH_IPRANGE, $(P_V4)ipt_iprange)
 $(eval $(call nf_add,IPT_IPSEC,CONFIG_IP_NF_MATCH_AH_ESP, $(P_V4)ipt_ah $(P_V4)ipt_esp))
 $(eval $(call nf_add,IPT_IPSEC,CONFIG_IP_NF_MATCH_AH, $(P_V4)ipt_ah))
 $(eval $(call nf_add,IPT_IPSEC,CONFIG_NETFILTER_XT_MATCH_ESP, $(P_XT)xt_esp))
+$(eval $(call nf_add,IPT_IPSEC,CONFIG_NETFILTER_XT_MATCH_POLICY, $(P_XT)xt_policy))
 
 
 # ipset
@@ -137,9 +144,14 @@ $(eval $(call nf_add,IPT_IPSET,CONFIG_IP_NF_TARGET_SET, $(P_V4)ipt_SET))
 
 # nat
 
+# kernel only
+$(eval $(if $(NF_KMOD),$(call nf_add,IPT_NAT,CONFIG_IP_NF_NAT, $(P_V4)iptable_nat),))
+$(eval $(if $(NF_KMOD),$(call nf_add,IPT_NAT,CONFIG_NF_NAT,$(P_V4)nf_nat $(P_V4)iptable_nat),))
+# userland only
 $(eval $(if $(NF_KMOD),,$(call nf_add,IPT_NAT,CONFIG_IP_NF_NAT, $(P_V4)ipt_SNAT $(P_V4)ipt_DNAT)))
 $(eval $(if $(NF_KMOD),,$(call nf_add,IPT_NAT,CONFIG_NF_NAT, $(P_V4)ipt_SNAT $(P_V4)ipt_DNAT)))
 
+
 $(eval $(call nf_add,IPT_NAT,CONFIG_IP_NF_TARGET_MASQUERADE, $(P_V4)ipt_MASQUERADE))
 $(eval $(call nf_add,IPT_NAT,CONFIG_IP_NF_TARGET_MIRROR, $(P_V4)ipt_MIRROR))
 $(eval $(call nf_add,IPT_NAT,CONFIG_IP_NF_TARGET_NETMAP, $(P_V4)ipt_NETMAP))
@@ -150,27 +162,46 @@ $(eval $(call nf_add,IPT_NAT,CONFIG_IP_NF_TARGET_REDIRECT, $(P_V4)ipt_REDIRECT))
 
 $(eval $(call nf_add,IPT_NAT_DEFAULT,CONFIG_IP_NF_FTP, $(P_V4)ip_conntrack_ftp))
 $(eval $(call nf_add,IPT_NAT_DEFAULT,CONFIG_IP_NF_NAT_FTP, $(P_V4)ip_nat_ftp))
+$(eval $(call nf_add,IPT_NAT_DEFAULT,CONFIG_NF_CONNTRACK_FTP, $(P_XT)nf_conntrack_ftp))
+$(eval $(call nf_add,IPT_NAT_DEFAULT,CONFIG_NF_NAT_FTP, $(P_V4)nf_nat_ftp))
 $(eval $(call nf_add,IPT_NAT_DEFAULT,CONFIG_IP_NF_IRC, $(P_V4)ip_conntrack_irc))
 $(eval $(call nf_add,IPT_NAT_DEFAULT,CONFIG_IP_NF_NAT_IRC, $(P_V4)ip_nat_irc))
+$(eval $(call nf_add,IPT_NAT_DEFAULT,CONFIG_NF_CONNTRACK_IRC, $(P_XT)nf_conntrack_irc))
+$(eval $(call nf_add,IPT_NAT_DEFAULT,CONFIG_NF_NAT_IRC, $(P_V4)nf_nat_irc))
 $(eval $(call nf_add,IPT_NAT_DEFAULT,CONFIG_IP_NF_TFTP, $(P_V4)ip_conntrack_tftp))
+$(eval $(call nf_add,IPT_NAT_DEFAULT,CONFIG_NF_CONNTRACK_TFTP, $(P_XT)nf_conntrack_tftp))
+$(eval $(call nf_add,IPT_NAT_DEFAULT,CONFIG_NF_NAT_TFTP, $(P_V4)nf_nat_tftp))
 
 
 # nathelper-extra
 
 $(eval $(call nf_add,IPT_NAT_EXTRA,CONFIG_IP_NF_AMANDA, $(P_V4)ip_conntrack_amanda))
+$(eval $(call nf_add,IPT_NAT_EXTRA,CONFIG_NF_CONNTRACK_AMANDA, $(P_XT)nf_conntrack_amanda))
+$(eval $(call nf_add,IPT_NAT_EXTRA,CONFIG_NF_NAT_AMANDA, $(P_V4)nf_nat_amanda))
 $(eval $(call nf_add,IPT_NAT_EXTRA,CONFIG_IP_NF_CT_PROTO_GRE, $(P_V4)ip_conntrack_proto_gre))
 $(eval $(call nf_add,IPT_NAT_EXTRA,CONFIG_IP_NF_NAT_PROTO_GRE, $(P_V4)ip_nat_proto_gre))
+$(eval $(call nf_add,IPT_NAT_EXTRA,CONFIG_NF_CT_PROTO_GRE, $(P_XT)nf_conntrack_proto_gre))
+$(eval $(call nf_add,IPT_NAT_EXTRA,CONFIG_NF_NAT_PROTO_GRE, $(P_V4)nf_nat_proto_gre))
 $(eval $(call nf_add,IPT_NAT_EXTRA,CONFIG_IP_NF_H323, $(P_V4)ip_conntrack_h323))
 $(eval $(call nf_add,IPT_NAT_EXTRA,CONFIG_IP_NF_NAT_H323, $(P_V4)ip_nat_h323))
+$(eval $(call nf_add,IPT_NAT_EXTRA,CONFIG_NF_CONNTRACK_H323, $(P_XT)nf_conntrack_h323))
+$(eval $(call nf_add,IPT_NAT_EXTRA,CONFIG_NF_NAT_H323, $(P_V4)nf_nat_h323))
 $(eval $(call nf_add,IPT_NAT_EXTRA,CONFIG_IP_NF_MMS, $(P_V4)ip_conntrack_mms))
 $(eval $(call nf_add,IPT_NAT_EXTRA,CONFIG_IP_NF_NAT_MMS, $(P_V4)ip_nat_mms))
 $(eval $(call nf_add,IPT_NAT_EXTRA,CONFIG_IP_NF_PPTP, $(P_V4)ip_conntrack_pptp))
 $(eval $(call nf_add,IPT_NAT_EXTRA,CONFIG_IP_NF_NAT_PPTP, $(P_V4)ip_nat_pptp))
+$(eval $(call nf_add,IPT_NAT_EXTRA,CONFIG_NF_CONNTRACK_PPTP, $(P_XT)nf_conntrack_pptp))
+$(eval $(call nf_add,IPT_NAT_EXTRA,CONFIG_NF_NAT_PPTP, $(P_V4)nf_nat_pptp))
 $(eval $(call nf_add,IPT_NAT_EXTRA,CONFIG_IP_NF_RTSP, $(P_V4)ip_conntrack_rtsp))
 $(eval $(call nf_add,IPT_NAT_EXTRA,CONFIG_IP_NF_NAT_RTSP, $(P_V4)ip_nat_rtsp))
+$(eval $(call nf_add,IPT_NAT_EXTRA,CONFIG_NF_CONNTRACK_RTSP, $(P_XT)nf_conntrack_rtsp))
+$(eval $(call nf_add,IPT_NAT_EXTRA,CONFIG_NF_NAT_RTSP, $(P_V4)nf_nat_rtsp))
 $(eval $(call nf_add,IPT_NAT_EXTRA,CONFIG_IP_NF_SIP, $(P_V4)ip_conntrack_sip))
 $(eval $(call nf_add,IPT_NAT_EXTRA,CONFIG_IP_NF_NAT_SIP, $(P_V4)ip_nat_sip))
+$(eval $(call nf_add,IPT_NAT_EXTRA,CONFIG_NF_CONNTRACK_SIP, $(P_XT)nf_conntrack_sip))
+$(eval $(call nf_add,IPT_NAT_EXTRA,CONFIG_NF_NAT_SIP, $(P_V4)nf_nat_sip))
 $(eval $(call nf_add,IPT_NAT_EXTRA,CONFIG_IP_NF_NAT_SNMP_BASIC, $(P_V4)ip_nat_snmp_basic))
+$(eval $(call nf_add,IPT_NAT_EXTRA,CONFIG_NF_NAT_SNMP_BASIC, $(P_V4)nf_nat_snmp_basic))
 
 
 # queue
@@ -183,13 +214,16 @@ $(eval $(call nf_add,IPT_QUEUE,CONFIG_IP_NF_QUEUE, $(P_V4)ip_queue))
 $(eval $(call nf_add,IPT_ULOG,CONFIG_IP_NF_TARGET_ULOG, $(P_V4)ipt_ULOG))
 
 
-IPT_BUILTIN := $(P_V4)ipt_standard
-IPT_BUILTIN += $(P_V4)ipt_icmp $(P_V4)ipt_tcp $(P_V4)ipt_udp
+# userland only
+IPT_BUILTIN := $(if $(NF_KMOD),,$(P_V4)ipt_standard)
+IPT_BUILTIN += $(if $(NF_KMOD),,$(P_V4)ipt_icmp $(P_V4)ipt_tcp $(P_V4)ipt_udp)
+
 IPT_BUILTIN += $(IPT_CONNTRACK-y)
 IPT_BUILTIN += $(IPT_EXTRA-y)
 IPT_BUILTIN += $(IPT_FILTER-y)
 IPT_BUILTIN += $(IPT_IMQ-y)
 IPT_BUILTIN += $(IPT_IPOPT-y)
+IPT_BUILTIN += $(IPT_IPRANGE-y)
 IPT_BUILTIN += $(IPT_IPSEC-y)
 IPT_BUILTIN += $(IPT_IPSET-y)
 IPT_BUILTIN += $(IPT_NAT-y)
-- 
cgit v1.2.3