domenico/openwrt_NSS_ACW
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

netfilter: Add queue support for nftables

Browse Source 
This change adds the configuration option to build and include
the nft_queue kernel module, which allows traffic to be queued up
to userspace from an nftables rule

Tested-by: Sébastien Delafond sdelafond@gmail.com
Signed-off-by: Brett Mastbergen <bmastbergen@untangle.com>
This commit is contained in:
Brett Mastbergen
2020-10-30 10:35:05 -04:00
committed by Petr Štetiar
parent 65f3e7ce1f
commit df8e4906f7
2 changed files with 13 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
include/netfilter.mk
View File

@@ -355,6 +355,7 @@ $(eval $(if $(NF_KMOD),$(call nf_add,NFT_FIB,CONFIG_NFT_FIB_INET, $(P_XT)nft_fib
$(eval $(if $(NF_KMOD),$(call nf_add,NFT_FIB,CONFIG_NFT_FIB_IPV4, $(P_V4)nft_fib_ipv4),)) $(eval $(if $(NF_KMOD),$(call nf_add,NFT_FIB,CONFIG_NFT_FIB_IPV4, $(P_V4)nft_fib_ipv4),))
$(eval $(if $(NF_KMOD),$(call nf_add,NFT_FIB,CONFIG_NFT_FIB_IPV6, $(P_V6)nft_fib_ipv6),)) $(eval $(if $(NF_KMOD),$(call nf_add,NFT_FIB,CONFIG_NFT_FIB_IPV6, $(P_V6)nft_fib_ipv6),))
$(eval $(if $(NF_KMOD),$(call nf_add,NFT_QUEUE,CONFIG_NFT_QUEUE, $(P_XT)nft_queue),))
# userland only # userland only
IPT_BUILTIN += $(NF_IPT-y) $(NF_IPT-m) IPT_BUILTIN += $(NF_IPT-y) $(NF_IPT-m)

12
package/kernel/linux/modules/netfilter.mk
View File

@@ -1167,3 +1167,15 @@ define KernelPackage/nft-fib
endef endef
$(eval $(call KernelPackage,nft-fib)) $(eval $(call KernelPackage,nft-fib))
define KernelPackage/nft-queue
SUBMENU:=$(NF_MENU)
TITLE:=Netfilter nf_tables queue support
DEPENDS:=+kmod-nft-core +kmod-nfnetlink-queue
FILES:=$(foreach mod,$(NFT_QUEUE-m),$(LINUX_DIR)/net/$(mod).ko)
AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_QUEUE-m)))
KCONFIG:=$(KCONFIG_NFT_QUEUE)
endef
$(eval $(call KernelPackage,nft-queue))