From patchwork Fri Feb 25 03:09:54 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Yousong Zhou <yszhou4tech@gmail.com>
X-Patchwork-Id: 1597454
X-Patchwork-Delegate: yszhou4tech@gmail.com
Return-Path: 
 <openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: bilbo.ozlabs.org;
	dkim=pass (2048-bit key;
 secure) header.d=lists.infradead.org header.i=@lists.infradead.org
 header.a=rsa-sha256 header.s=bombadil.20210309 header.b=0c7Tycgc;
	dkim=fail reason="signature verification failed" (2048-bit key;
 unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256
 header.s=20210112 header.b=P9yqWMMH;
	dkim-atps=neutral
Authentication-Results: ozlabs.org;
 spf=none (no SPF record) smtp.mailfrom=lists.openwrt.org
 (client-ip=2607:7c80:54:e::133; helo=bombadil.infradead.org;
 envelope-from=openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org;
 receiver=<UNKNOWN>)
Received: from bombadil.infradead.org (bombadil.infradead.org
 [IPv6:2607:7c80:54:e::133])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest
 SHA256)
	(No client certificate requested)
	by bilbo.ozlabs.org (Postfix) with ESMTPS id 4K4Zbm5VNDz9sFv
	for <incoming@patchwork.ozlabs.org>; Fri, 25 Feb 2022 14:13:24 +1100 (AEDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=lists.infradead.org; s=bombadil.20210309; h=Sender:
	Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post:
	List-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To:
	Message-Id:Date:Subject:Cc:To:From:Reply-To:Content-ID:Content-Description:
	Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:
	List-Owner; bh=YzAiAPJgT+S5jwd3IxP6EfUM259WebWGoH7ihUJJ13o=; b=0c7Tycgcnb5PfI
	cxWidbwvXifKCnwtzfvawQmAb9dOeVu4m7B5yI5DcfpWdnnawDXpx9XzkdyE5umkCapwaF3RmH7fM
	vk04Yxbo5lIIYHsnRGtyMom595Gjm2w9aEh8RwDoNSpjHyMRpYHblCadFs4M5ORfTmchXKnuB9azR
	TMh3nhIjtyBG4HU33X5NGYUHOaHzF9Sha4n2alWjrsSOQyx3u8ucmMaYAagaqSoVUN2f+FRWmALyP
	888zCY2bYaXFeX00BZ5l7BaNPN9sFYrSlhyShqkyMEustvK70e0DTiKuFbugM63EDC/RY6xboS8WH
	rYGrZIrCP0EMM5ATnicg==;
Received: from localhost ([::1] helo=bombadil.infradead.org)
	by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux))
	id 1nNQzz-0033E2-J3; Fri, 25 Feb 2022 03:10:27 +0000
Received: from mail-pj1-x1033.google.com ([2607:f8b0:4864:20::1033])
 by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux))
 id 1nNQzj-0033CQ-Sh
 for openwrt-devel@lists.openwrt.org; Fri, 25 Feb 2022 03:10:13 +0000
Received: by mail-pj1-x1033.google.com with SMTP id
 ge19-20020a17090b0e1300b001bcca16e2e7so2900320pjb.3
 for <openwrt-devel@lists.openwrt.org>; Thu, 24 Feb 2022 19:10:11 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112;
 h=from:to:cc:subject:date:message-id:in-reply-to:references
 :mime-version:content-transfer-encoding;
 bh=yujPxqZ8klSruN1hnBJjjHPlPQmlJrRvoj0/e0p6I2E=;
 b=P9yqWMMHTIv8b9+Kg9Mn03YMnyXcN75eO2cC2KXRPu8Q09gBK5pL9tCzHfpC7GGqEv
 v7DL6QdMqHzN7oYygGsaAL4T9GSP6U9My9tbn7upmHsR86NxJFSohvF0KQ5zbypB0AQ0
 ScbTHaQYK64D/DsOo7SBrJtN/aDB7NyTfABjDJxJ+++iwPVHU0IK6whtyitllQ1UxEPq
 z15Cir5eDRuqP5drXr9gdlfnR+VQ1Q61wkBjykwB3uTy6+Kfkr8uLuiQkuPeVhvTBVzk
 jB3Rx0Dr+d+opJrp3WYZssnYePrBVnp97FivdaWkC61Hu8RLqD/evAMSBY432BibLCQA
 BvrQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20210112;
 h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
 :references:mime-version:content-transfer-encoding;
 bh=yujPxqZ8klSruN1hnBJjjHPlPQmlJrRvoj0/e0p6I2E=;
 b=3Usar8AqVS6jX+Af/yjnenzHpYcHvFQTLhk1Af/M+9XyRTG49r1ttN+tbomEPHOTNO
 +bNwHu0+kB8NgUfeJiNuEEHrMu/eT7U2LUdEh57gaeq28ijAm+ftynsHBgS37rle5oGi
 LdRA4pciWUnKJokx6UgpiH7K9LZvJb2sgVjC2fhqoGyo9Ly7sK4w8eUAW50eVUEJgrSu
 BN2UrielYfemTzTsipbiLzA/70a2Jf/McJ2Xqb1+ggmkbp8yYbWW9M5zwE2HgYvL1KzC
 Pf4BLJtR59GPAvRk3RMe/0QKRHp88QaqqYrOq8UQ33AlsZoYOX0+TUd/tgFmA+Y0an44
 vowQ==
X-Gm-Message-State: AOAM5336b2/NcPrn9k1sWiya2ZEnDE/P2LkQWbjTlm+N3oVsN9lL8Zap
 jnwGiPwh41K5EIaQN59ULRu30kvBG3iaC3okG/JeUA==
X-Google-Smtp-Source: 
 ABdhPJxzMQqmxM8zLkEmU0NT1uUAvO37+br1vaap3z50e3ujh3gzKjNYLMv21u6ZycjI6fcAGU2cIQ==
X-Received: by 2002:a17:902:8509:b0:14e:f9b7:6cab with SMTP id
 bj9-20020a170902850900b0014ef9b76cabmr5741366plb.162.1645758610989;
 Thu, 24 Feb 2022 19:10:10 -0800 (PST)
Received: from function-compute011164025190.na62.tbsite.net ([203.119.241.73])
 by smtp.gmail.com with ESMTPSA id
 lp5-20020a17090b4a8500b001b95890248fsm660117pjb.27.2022.02.24.19.10.09
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Thu, 24 Feb 2022 19:10:10 -0800 (PST)
From: Yousong Zhou <yszhou4tech@gmail.com>
To: openwrt-devel@lists.openwrt.org
Cc: jo@mein.io,
	Yousong Zhou <yszhou4tech@gmail.com>
Subject: [PATCH 2/3] netfilter: add kmod-nft-socket
Date: Fri, 25 Feb 2022 03:09:54 +0000
Message-Id: <20220225030955.1981364-2-yszhou4tech@gmail.com>
In-Reply-To: <20220225030955.1981364-1-yszhou4tech@gmail.com>
References: <20220225030955.1981364-1-yszhou4tech@gmail.com>
MIME-Version: 1.0
X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 
X-CRM114-CacheID: sfid-20220224_191011_947454_DCC58477 
X-CRM114-Status: UNSURE (   6.63  )
X-CRM114-Notice: Please train this message.
X-Spam-Score: -0.2 (/)
X-Spam-Report: Spam detection software,
 running on the system "bombadil.infradead.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 Content preview: Signed-off-by: Yousong Zhou --- include/netfilter.mk | 2 ++
 package/kernel/linux/modules/netfilter.mk | 11 +++++++++++ 2 files changed,
 13 insertions(+) diff --git a/include/netfilter.mk b/include/netfilter.mk
 index 751fabef19..83455cc378 100644 --- a/include/netfilter.mk +++
 b/include/netfilter.mk
 @@ -351,6 +351,8 @@ $(eval $(if $(NF_KMOD),$(call nf_ [...]
 Content analysis details:   (-0.2 points, 5.0 required)
 pts rule name              description
 ---- ----------------------
 --------------------------------------------------
 -0.0 RCVD_IN_DNSWL_NONE     RBL: Sender listed at https://www.dnswl.org/,
 no trust [2607:f8b0:4864:20:0:0:0:1033 listed in]
 [list.dnswl.org]
 -0.0 SPF_PASS               SPF: sender matches SPF record
 0.0 SPF_HELO_NONE          SPF: HELO does not publish an SPF Record
 0.0 FREEMAIL_FROM          Sender email is commonly abused enduser mail
 provider [yszhou4tech[at]gmail.com]
 -0.1 DKIM_VALID_AU          Message has a valid DKIM or DK signature from
 author's domain
 -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
 0.1 DKIM_SIGNED            Message has a DKIM or DK signature,
 not necessarily
 valid
 -0.1 DKIM_VALID_EF          Message has a valid DKIM or DK signature from
 envelope-from domain
X-BeenThere: openwrt-devel@lists.openwrt.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: OpenWrt Development List <openwrt-devel.lists.openwrt.org>
List-Unsubscribe: <https://lists.openwrt.org/mailman/options/openwrt-devel>,
 <mailto:openwrt-devel-request@lists.openwrt.org?subject=unsubscribe>
List-Archive: <http://lists.openwrt.org/pipermail/openwrt-devel/>
List-Post: <mailto:openwrt-devel@lists.openwrt.org>
List-Help: <mailto:openwrt-devel-request@lists.openwrt.org?subject=help>
List-Subscribe: <https://lists.openwrt.org/mailman/listinfo/openwrt-devel>,
 <mailto:openwrt-devel-request@lists.openwrt.org?subject=subscribe>
Sender: "openwrt-devel" <openwrt-devel-bounces@lists.openwrt.org>
Errors-To: 
 openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
---
 include/netfilter.mk                      |  2 ++
 package/kernel/linux/modules/netfilter.mk | 11 +++++++++++
 2 files changed, 13 insertions(+)

diff --git a/include/netfilter.mk b/include/netfilter.mk
index 751fabef19..83455cc378 100644
--- a/include/netfilter.mk
+++ b/include/netfilter.mk
@@ -351,6 +351,8 @@ $(eval $(if $(NF_KMOD),$(call nf_add,NFT_FIB,CONFIG_NFT_FIB_IPV6, $(P_V6)nft_fib
 
 $(eval $(if $(NF_KMOD),$(call nf_add,NFT_QUEUE,CONFIG_NFT_QUEUE, $(P_XT)nft_queue),))
 
+$(eval $(if $(NF_KMOD),$(call nf_add,NFT_SOCKET,CONFIG_NFT_SOCKET, $(P_XT)nft_socket),))
+
 $(eval $(if $(NF_KMOD),$(call nf_add,NFT_COMPAT,CONFIG_NFT_COMPAT, $(P_XT)nft_compat),))
 
 # userland only
diff --git a/package/kernel/linux/modules/netfilter.mk b/package/kernel/linux/modules/netfilter.mk
index 85780306f3..7200af769f 100644
--- a/package/kernel/linux/modules/netfilter.mk
+++ b/package/kernel/linux/modules/netfilter.mk
@@ -1217,6 +1217,17 @@ endef
 
 $(eval $(call KernelPackage,nft-queue))
 
+define KernelPackage/nft-socket
+  SUBMENU:=$(NF_MENU)
+  TITLE:=Netfilter nf_tables socket support
+  DEPENDS:=+kmod-nft-core +kmod-nf-socket
+  FILES:=$(foreach mod,$(NFT_SOCKET-m),$(LINUX_DIR)/net/$(mod).ko)
+  AUTOLOAD:=$(call AutoProbe,$(notdir $(NFT_SOCKET-m)))
+  KCONFIG:=$(KCONFIG_NFT_SOCKET)
+endef
+
+$(eval $(call KernelPackage,nft-socket))
+
 define KernelPackage/nft-compat
   SUBMENU:=$(NF_MENU)
   TITLE:=Netfilter nf_tables compat support