summaryrefslogtreecommitdiff
path: root/include
diff options
context:
space:
mode:
authorFelix Fietkau <nbd@openwrt.org>2014-11-03 22:01:45 +0000
committerFelix Fietkau <nbd@openwrt.org>2014-11-03 22:01:45 +0000
commit9a2cf10c33e30b89083ac48e2777cc06f899aee7 (patch)
tree349d2acd8cd91b93b728b59b0c1216e8782651f9 /include
parent2c72ffc154c70b371a93f179587d899bbba921ca (diff)
downloadmtk-20170518-9a2cf10c33e30b89083ac48e2777cc06f899aee7.zip
mtk-20170518-9a2cf10c33e30b89083ac48e2777cc06f899aee7.tar.gz
mtk-20170518-9a2cf10c33e30b89083ac48e2777cc06f899aee7.tar.bz2
netfilter: Enable compiling iptables match cluster
This patch adds the userspace and kernelspace for - match NETFILTER_XT_MATCH_CLUSTER This match can be used to deploy gateway and back-end load-sharing clusters. - target IP_NF_TARGET_CLUSTERIP This module allows you to configure a simple cluster of nodes that share a certain IP and MAC address without an explicit load balancer in front of them. Connections are statically distributed between the nodes in this cluster. This is used i.e. by strongswan-ha. Signed-off-by: Christian Scheele <cs@embedd.com> SVN-Revision: 43174
Diffstat (limited to 'include')
-rw-r--r--include/netfilter.mk7
1 files changed, 7 insertions, 0 deletions
diff --git a/include/netfilter.mk b/include/netfilter.mk
index fd119c5..72c66d9 100644
--- a/include/netfilter.mk
+++ b/include/netfilter.mk
@@ -46,6 +46,9 @@ $(eval $(call nf_add,IPT_CORE,CONFIG_NETFILTER_XT_MATCH_MULTIPORT, $(P_XT)xt_mul
$(eval $(call nf_add,IPT_CORE,CONFIG_NETFILTER_XT_MATCH_COMMENT, $(P_XT)xt_comment))
$(eval $(call nf_add,IPT_CORE,CONFIG_NETFILTER_XT_MATCH_ID, $(P_XT)xt_id))
+#cluster
+$(eval $(call nf_add,IPT_CLUSTER,CONFIG_NETFILTER_XT_MATCH_CLUSTER, $(P_XT)xt_cluster))
+
$(eval $(call nf_add,IPT_CORE,CONFIG_NETFILTER_XT_TARGET_LOG, $(P_XT)xt_LOG, ge 3.4.0))
$(eval $(call nf_add,IPT_CORE,CONFIG_IP_NF_TARGET_LOG, $(P_V4)ipt_LOG, lt 3.4.0))
$(eval $(call nf_add,IPT_CORE,CONFIG_NETFILTER_XT_TARGET_TCPMSS, $(P_XT)xt_TCPMSS))
@@ -126,6 +129,8 @@ $(eval $(call nf_add,IPT_IPOPT,CONFIG_NETFILTER_XT_TARGET_HL, $(P_XT)xt_HL))
# iprange
$(eval $(call nf_add,IPT_IPRANGE,CONFIG_NETFILTER_XT_MATCH_IPRANGE, $(P_XT)xt_iprange))
+#clusterip
+$(eval $(call nf_add,IPT_CLUSTERIP,CONFIG_IP_NF_TARGET_CLUSTERIP, $(P_V4)ipt_CLUSTERIP))
# ipsec
$(eval $(call nf_add,IPT_IPSEC,CONFIG_IP_NF_MATCH_AH, $(P_V4)ipt_ah))
@@ -346,6 +351,8 @@ IPT_BUILTIN += $(IPT_EXTRA-y)
IPT_BUILTIN += $(IPT_FILTER-y)
IPT_BUILTIN += $(IPT_IPOPT-y)
IPT_BUILTIN += $(IPT_IPRANGE-y)
+IPT_BUILTIN += $(IPT_CLUSTER-y)
+IPT_BUILTIN += $(IPT_CLUSTERIP-y)
IPT_BUILTIN += $(IPT_IPSEC-y)
IPT_BUILTIN += $(IPT_IPV6-y) $(IPT_IPV6-m)
IPT_BUILTIN += $(NF_NAT-y)