From 2d27ebbb9338c114b3b5403cd4eb6fc05ef1ed6a Mon Sep 17 00:00:00 2001
From: Kristian Evensen <kristian.evensen@gmail.com>
Date: Mon, 22 Jan 2018 18:52:28 +0100
Subject: iptables: Support building connlabel module

It is currently possible to enable connlabel-support in iptables.
However, in order for connlabel to work properly, the kernel module must
also be present. This patch adds support for building the
connlabel-module, and selects it by default when connlabel-support is
enabled.

Signed-off-by: Kristian Evensen <kristian.evensen@gmail.com>
---
 package/kernel/linux/modules/netfilter.mk | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

(limited to 'package/kernel/linux')

diff --git a/package/kernel/linux/modules/netfilter.mk b/package/kernel/linux/modules/netfilter.mk
index d44d2f8..82d5604 100644
--- a/package/kernel/linux/modules/netfilter.mk
+++ b/package/kernel/linux/modules/netfilter.mk
@@ -187,6 +187,21 @@ endef
 
 $(eval $(call KernelPackage,ipt-conntrack-extra))
 
+define KernelPackage/ipt-conntrack-label
+  TITLE:=Module for handling connection tracking labels
+  KCONFIG:=$(KCONFIG_IPT_CONNTRACK_LABEL)
+  FILES:=$(foreach mod,$(IPT_CONNTRACK_LABEL-m),$(LINUX_DIR)/net/$(mod).ko)
+  AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_CONNTRACK_LABEL-m)))
+  $(call AddDepends/ipt,+kmod-ipt-conntrack)
+endef
+
+define KernelPackage/ipt-conntrack-label/description
+ Netfilter (IPv4) module for handling connection tracking labels
+ Includes:
+ - connlabel
+endef
+
+$(eval $(call KernelPackage,ipt-conntrack-label))
 
 define KernelPackage/ipt-filter
   TITLE:=Modules for packet content inspection
-- 
cgit v1.1