diff options
| author | /C=EU/ST=EU/CN=Jozsef Kadlecsik/emailAddress=kadlec@blackhole.kfki.hu </C=EU/ST=EU/CN=Jozsef Kadlecsik/emailAddress=kadlec@blackhole.kfki.hu> | 2008-07-03 09:26:50 +0000 |
|---|---|---|
| committer | /C=EU/ST=EU/CN=Jozsef Kadlecsik/emailAddress=kadlec@blackhole.kfki.hu </C=EU/ST=EU/CN=Jozsef Kadlecsik/emailAddress=kadlec@blackhole.kfki.hu> | 2008-07-03 09:26:50 +0000 |
| commit | 87c406c4962ea52f467b9807daf66e3652bd0e9b (patch) | |
| tree | 31bc9528cc8360ed486fcbcd971130bb5cbf5800 /kernel | |
| parent | 871d699f171cf7fe7a80d6b5d2437706d2aeef0b (diff) | |
Support statically linked kernel - no need for pom-ng anymore for ipset at all.
Diffstat (limited to 'kernel')
| -rw-r--r-- | kernel/Kconfig.ipset | 116 | ||||
| -rw-r--r-- | kernel/Makefile.ipset | 14 | ||||
| -rwxr-xr-x | kernel/patch_kernel | 41 |
3 files changed, 171 insertions, 0 deletions
diff --git a/kernel/Kconfig.ipset b/kernel/Kconfig.ipset new file mode 100644 index 0000000..2c6022a --- /dev/null +++ b/kernel/Kconfig.ipset @@ -0,0 +1,116 @@ +config IP_NF_SET + tristate "IP set support" + depends on INET && NETFILTER + help + This option adds IP set support to the kernel. + In order to define and use sets, you need the userspace utility + ipset(8). + + To compile it as a module, choose M here. If unsure, say N. + +config IP_NF_SET_MAX + int "Maximum number of IP sets" + default 256 + range 2 65534 + depends on IP_NF_SET + help + You can define here default value of the maximum number + of IP sets for the kernel. + + The value can be overriden by the 'max_sets' module + parameter of the 'ip_set' module. + +config IP_NF_SET_HASHSIZE + int "Hash size for bindings of IP sets" + default 1024 + depends on IP_NF_SET + help + You can define here default value of the hash size for + bindings of IP sets. + + The value can be overriden by the 'hash_size' module + parameter of the 'ip_set' module. + +config IP_NF_SET_IPMAP + tristate "ipmap set support" + depends on IP_NF_SET + help + This option adds the ipmap set type support. + + To compile it as a module, choose M here. If unsure, say N. + +config IP_NF_SET_MACIPMAP + tristate "macipmap set support" + depends on IP_NF_SET + help + This option adds the macipmap set type support. + + To compile it as a module, choose M here. If unsure, say N. + +config IP_NF_SET_PORTMAP + tristate "portmap set support" + depends on IP_NF_SET + help + This option adds the portmap set type support. + + To compile it as a module, choose M here. If unsure, say N. + +config IP_NF_SET_IPHASH + tristate "iphash set support" + depends on IP_NF_SET + help + This option adds the iphash set type support. + + To compile it as a module, choose M here. If unsure, say N. + +config IP_NF_SET_NETHASH + tristate "nethash set support" + depends on IP_NF_SET + help + This option adds the nethash set type support. + + To compile it as a module, choose M here. If unsure, say N. + +config IP_NF_SET_IPPORTHASH + tristate "ipporthash set support" + depends on IP_NF_SET + help + This option adds the ipporthash set type support. + + To compile it as a module, choose M here. If unsure, say N. + +config IP_NF_SET_IPTREE + tristate "iptree set support" + depends on IP_NF_SET + help + This option adds the iptree set type support. + + To compile it as a module, choose M here. If unsure, say N. + +config IP_NF_SET_IPTREEMAP + tristate "iptreemap set support" + depends on IP_NF_SET + help + This option adds the iptreemap set type support. + + To compile it as a module, choose M here. If unsure, say N. + +config IP_NF_MATCH_SET + tristate "set match support" + depends on IP_NF_SET + help + Set matching matches against given IP sets. + You need the ipset utility to create and set up the sets. + + To compile it as a module, choose M here. If unsure, say N. + +config IP_NF_TARGET_SET + tristate "SET target support" + depends on IP_NF_SET + help + The SET target makes possible to add/delete entries + in IP sets. + You need the ipset utility to create and set up the sets. + + To compile it as a module, choose M here. If unsure, say N. + diff --git a/kernel/Makefile.ipset b/kernel/Makefile.ipset new file mode 100644 index 0000000..bb3c131 --- /dev/null +++ b/kernel/Makefile.ipset @@ -0,0 +1,14 @@ +# ipset +obj-$(CONFIG_IP_NF_SET) += ip_set.o +obj-$(CONFIG_IP_NF_SET_IPMAP) += ip_set_ipmap.o +obj-$(CONFIG_IP_NF_SET_PORTMAP) += ip_set_portmap.o +obj-$(CONFIG_IP_NF_SET_MACIPMAP) += ip_set_macipmap.o +obj-$(CONFIG_IP_NF_SET_IPHASH) += ip_set_iphash.o +obj-$(CONFIG_IP_NF_SET_NETHASH) += ip_set_nethash.o +obj-$(CONFIG_IP_NF_SET_IPPORTHASH) += ip_set_ipporthash.o +obj-$(CONFIG_IP_NF_SET_IPTREE) += ip_set_iptree.o +obj-$(CONFIG_IP_NF_SET_IPTREEMAP) += ip_set_iptreemap.o + +# match and target +obj-$(CONFIG_IP_NF_MATCH_SET) += ipt_set.o +obj-$(CONFIG_IP_NF_TARGET_SET) += ipt_SET.o diff --git a/kernel/patch_kernel b/kernel/patch_kernel new file mode 100755 index 0000000..f5b800b --- /dev/null +++ b/kernel/patch_kernel @@ -0,0 +1,41 @@ +#!/bin/bash + +# set -e + +kconfig() { + file=$1/net/ipv4/netfilter/Kconfig + if [ "`grep 'config IP_NF_SET' $file`" ]; then + return + fi + mv $file $file.orig + grep -v endmenu $file.orig > $file + cat Kconfig.ipset >> $file + echo "endmenu" >> $file +} + +makefile() { + file=$1/net/ipv4/netfilter/Makefile + if [ "`grep CONFIG_IP_NF_SET $file`" ]; then + return + fi + cp $file $file.orig + cat Makefile.ipset >> $file +} + +tree() { + cp include/linux/netfilter_ipv4/* $1/include/linux/netfilter_ipv4/ + cp *.c $1/net/ipv4/netfilter/ +} + +if [ -z "$1" ]; then + echo "Error: missing kernel directory parameter." + exit 1 +fi +if [ ! -f $1/net/ipv4/netfilter/Kconfig ]; then + echo "Error: the directory $1 doesn't look like a Linux 2.6.x kernel source tree." + exit 1 +fi + +tree $1 +kconfig $1 +makefile $1 |