netfilter: add bpf match support

Add xt_bpf modules to {kmod-ipt,iptables-mod}-filter. Match using Linux Socket Filter. Expects a BPF program in decimal format. This is the format generated by the nfbpf_compile utility. Signed-off-by: Alin Nastac <[email protected]>
roms2000 · Jun 26, 2018 · ab07ae2 · ab07ae2
1 parent 094d49c
commit ab07ae2
Show file tree

Hide file tree

Showing 3 changed files with 3 additions and 0 deletions.
diff --git a/include/netfilter.mk b/include/netfilter.mk
@@ -106,6 +106,7 @@ $(eval $(call nf_add,IPT_PHYSDEV,CONFIG_NETFILTER_XT_MATCH_PHYSDEV, $(P_XT)xt_ph
 # filter
 
 $(eval $(call nf_add,IPT_FILTER,CONFIG_NETFILTER_XT_MATCH_STRING, $(P_XT)xt_string))
+$(eval $(call nf_add,IPT_FILTER,CONFIG_NETFILTER_XT_MATCH_BPF, $(P_XT)xt_bpf))
 
 
 # ipopt

diff --git a/package/kernel/linux/modules/netfilter.mk b/package/kernel/linux/modules/netfilter.mk
@@ -237,6 +237,7 @@ define KernelPackage/ipt-filter/description
  Netfilter (IPv4) kernel modules for packet content inspection
  Includes:
  - string
+ - bpf
 endef
 
 $(eval $(call KernelPackage,ipt-filter))

diff --git a/package/network/utils/iptables/Makefile b/package/network/utils/iptables/Makefile
@@ -151,6 +151,7 @@ Includes support for:
 
  Matches:
   - string
+  - bpf
 
 endef
-Original file line number
+Diff line change
@@ Expand Up @@
     # filter
     $(eval $(call nf_add,IPT_FILTER,CONFIG_NETFILTER_XT_MATCH_STRING, $(P_XT)xt_string))
+    $(eval $(call nf_add,IPT_FILTER,CONFIG_NETFILTER_XT_MATCH_BPF, $(P_XT)xt_bpf))
     # ipopt
@@ Expand Down @@