
update netfilter configs, enable support for 3.14 kernels

Waldemar Brodkorb 9 years ago
parent
commit
3c06e2a90a

+ 3 - 0
mk/modules-3.14.mk

@@ -3,3 +3,6 @@
 
 USBMODULES:=drivers/usb/usb-common drivers/usb/core/usbcore
 USBUDC:=gadget
+NF_NAT_MASQ:=net/ipv4/netfilter/nf_nat_ipv4
+NF_REJECT:=net/ipv4/netfilter/ipt_REJECT
+LOCKD:=fs/lockd/lockd

+ 3 - 0
mk/modules-3.18.mk

@@ -3,3 +3,6 @@
 
 USBMODULES:=drivers/usb/common/usb-common drivers/usb/core/usbcore
 USBUDC:=gadget/udc
+NF_NAT_MASQ:=net/ipv4/netfilter/nf_nat_ipv4 net/ipv4/netfilter/nf_nat_masquerade_ipv4
+NF_REJECT:=net/ipv4/netfilter/ipt_REJECT net/ipv4/netfilter/nf_reject_ipv4
+LOCKD:=fs/nfs_common/grace fs/lockd/lockd
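Review bot: `NF_REJECT` on the new side lists `ipt_REJECT` before `nf_reject_ipv4`, which reverses the order of the lines it replaces in mk/modules.mk (nf_reject_ipv4 first); `NF_NAT_MASQ` and `LOCKD` keep their old order. If KMOD_template turns the list into a load sequence (its definition is not visible here), ipt_REJECT would be inserted before the module it depends on and fail to load. Rulesets that use the REJECT target would then fail to install. Keeping the dependency first avoids that: `NF_REJECT:=net/ipv4/netfilter/nf_reject_ipv4 net/ipv4/netfilter/ipt_REJECT`.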

+ 3 - 6
mk/modules.mk

@@ -499,8 +499,7 @@ $(eval $(call KMOD_template,NF_CONNTRACK_IPV4,nf-conntrack-ipv4,\
 ,46))
 
 $(eval $(call KMOD_template,NF_NAT_IPV4,nf-nat-ipv4,\
-	$(MODULES_DIR)/kernel/net/ipv4/netfilter/nf_nat_ipv4 \
-	$(MODULES_DIR)/kernel/net/ipv4/netfilter/nf_nat_masquerade_ipv4 \
+	$(foreach mod, $(NF_NAT_MASQ),$(MODULES_DIR)/kernel/$(mod)) \
 ,50))
 
 $(eval $(call KMOD_template,IP_NF_NAT,ip-nf-nat,\
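Review bot: The `$(foreach mod, $(NF_NAT_MASQ),...)` expansion yields an empty file list when `NF_NAT_MASQ` is unset, and the same holds for `NF_REJECT` and `LOCKD` in the two later hunks of this file. The commit defines the three variables only in modules-3.14.mk and modules-3.18.mk. If other per-version files exist (not visible here), nf-nat-ipv4, ip-nf-target-reject and lockd would presumably be packaged without any module, and the gap would surface only when NAT, the REJECT target or NFS locking fails at runtime. A parse-time check next to each use makes it loud, e.g. `ifeq ($(strip $(NF_NAT_MASQ)),)` / `$(warning NF_NAT_MASQ is not set for this kernel version)` / `endif`. The eval calls start and end outside the hunk.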
@@ -601,8 +600,7 @@ $(eval $(call KMOD_template,IP_NF_FILTER,ip-nf-filter,\
 ,55))
 
 $(eval $(call KMOD_template,IP_NF_TARGET_REJECT,ip-nf-target-reject,\
-	$(MODULES_DIR)/kernel/net/ipv4/netfilter/nf_reject_ipv4 \
-	$(MODULES_DIR)/kernel/net/ipv4/netfilter/ipt_REJECT \
+	$(foreach mod, $(NF_REJECT),$(MODULES_DIR)/kernel/$(mod)) \
 ,60))
 
 $(eval $(call KMOD_template,IP_NF_TARGET_TCPMSS,ip-nf-target-tcpmss,\
@@ -1114,8 +1112,7 @@ $(eval $(call KMOD_template,RPCSEC_GSS_KRB5,rpcsec-gss-krb5,\
 ,26))
 
 $(eval $(call KMOD_template,LOCKD,lockd,\
-	$(MODULES_DIR)/kernel/fs/nfs_common/grace \
-	$(MODULES_DIR)/kernel/fs/lockd/lockd \
+	$(foreach mod, $(LOCKD),$(MODULES_DIR)/kernel/$(mod)) \
 ,27))
 
 ifneq ($(ADK_KERNEL_NFS_FS),y)

+ 6 - 43
target/linux/config/Config.in.netfilter

@@ -1,114 +1,84 @@
 menu "Netfilter"
 
 config ADK_KERNEL_NETFILTER
-	boolean
-	default y if ADK_PACKAGE_IPTABLES
-	default n
+	bool
 
 config ADK_KERNEL_NETFILTER_ADVANCED
-	boolean
-	default y if ADK_PACKAGE_IPTABLES
-	default n
+	bool
 
 config ADK_KERNEL_BRIDGE_NETFILTER
-	boolean
-	default y if ADK_PACKAGE_EBTABLES
-	default n
+	bool
 
 config ADK_KERNEL_NETFILTER_XTABLES
 	tristate
 	select ADK_KERNEL_NETFILTER
 	select ADK_KERNEL_NETFILTER_ADVANCED
-	default y if ADK_PACKAGE_IPTABLES
-	default n
 
 config ADK_KERNEL_NETFILTER_DEBUG
-	boolean
-	default n
+	bool
 
 config ADK_KERNEL_IP_NF_MATCH_LAYER7_DEBUG
-	boolean
-	default n
+	bool
 
 config ADK_KERNEL_IP_NF_TARGET_MIRROR
 	tristate
-	default n
 
 config ADK_KERNEL_IP_NF_NAT_SNMP_BASIC
 	tristate
-	default n
 
 config ADK_KERNEL_IP_NF_TARGET_DSCP
 	tristate
-	default n
 
 config ADK_KERNEL_IP_NF_TARGET_MARK
 	tristate
-	default n
 
 config ADK_KERNEL_IP_NF_TARGET_CLASSIFY
 	tristate
-	default n
 
 config ADK_KERNEL_IP_NF_TARGET_IMQ
 	tristate
-	default n
 
 config ADK_KERNEL_IP_NF_TARGET_CONNMARK
 	tristate
-	default n
 
 config ADK_KERNEL_IP_NF_ARPTABLES
 	tristate
-	default n
 
 config ADK_KERNEL_IP_NF_COMPAT_IPCHAINS
 	tristate
-	default n
 
 config ADK_KERNEL_IP_NF_COMPAT_IPFWADM
 	tristate
-	default n
 
 config ADK_KERNEL_IP6_NF_QUEUE
 	tristate
-	default n
 
 config ADK_KERNEL_IP6_NF_IPTABLES
 	tristate
-	default n
 
 config ADK_KERNEL_IP_ROUTE_FWMARK
-	boolean
-	default n
+	bool
 
 config ADK_KERNEL_IP_NF_QUEUE
 	tristate
-	default n
 
 config ADK_KERNEL_IP_NF_MATCH_TIME
 	tristate
-	default n
 
 config ADK_KERNEL_IP_NF_MATCH_CONDITION
 	tristate
-	default n
 
 config ADK_KERNEL_IP_NF_MATCH_DSCP
 	tristate
-	default n
 
 config ADK_KERNEL_IP_NF_MATCH_AH_ESP
 	tristate
-	default n
 
 config ADK_KERNEL_IP_NF_MATCH_LENGTH
 	tristate
-	default n
 
 config ADK_KERNEL_IP_NF_MATCH_HELPER
 	tristate
-	default n
 
 # cannot be ADK_KERNEL_IP_NF_MATCH_STATE because
 # netfilter is built as a module -> this'll always be
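Review bot: `ADK_KERNEL_NETFILTER`, `ADK_KERNEL_NETFILTER_ADVANCED` and `ADK_KERNEL_NETFILTER_XTABLES` lose `default y if ADK_PACKAGE_IPTABLES`, and `ADK_KERNEL_BRIDGE_NETFILTER` loses `default y if ADK_PACKAGE_EBTABLES`. None of them has a prompt, so after this change they can only be enabled through `select`. The selects visible in this commit come from other kernel options; whether the iptables and ebtables packages select these symbols is not shown. If they do not, an image can ship the userspace tools on a kernel without netfilter, and the ruleset would fail to load at boot. I would confirm the package side carries the matching `select` and add a comment above the first symbol such as `# no prompt and no default: enabled only via select from the netfilter options and packages`.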
@@ -116,34 +86,27 @@ config ADK_KERNEL_IP_NF_MATCH_HELPER
 config ADK_KERNEL_IP_NF_MATCH_STATE
 	tristate
 	select ADK_KERNEL_NETFILTER_XT_MATCH_STATE
-	default n
 
 config ADK_KERNEL_NETFILTER_XT_NAT
 	tristate
-	default n
 
 config ADK_KERNEL_NETFILTER_XT_MATCH_STATE
 	tristate
-	default n
 
 # cannot be ADK_KERNEL_IP_NF_MATCH_CONNTRACK because
 # netfilter is built as a module -> this'll always be
 # a module, too
 config ADK_KERNEL_NETFILTER_XT_MATCH_CONNTRACK
 	tristate
-	default n
 
 config ADK_KERNEL_NETFILTER_XT_MATCH_CONNMARK
 	tristate
-	default n
 
 config ADK_KERNEL_IP_NF_MATCH_UNCLEAN
 	tristate
-	default n
 
 config ADK_KERNEL_IP_NF_MATCH_STRING
 	tristate
-	default n
 
 menu "Core Netfilter Configuration"
 source target/linux/config/Config.in.netfilter.core

+ 0 - 2
target/linux/config/Config.in.netfilter.core

@@ -138,7 +138,6 @@ config ADK_KERNEL_NETFILTER_XT_TARGET_CHECKSUM
 	select ADK_KERNEL_NETFILTER_XTABLES
 	select ADK_KERNEL_IP_NF_MANGLE
 	select ADK_KERNEL_NETFILTER_ADVANCED
-	help
 
 config ADK_KERNEL_NETFILTER_XT_TARGET_CLASSIFY
 	tristate '"CLASSIFY" target support'
@@ -189,6 +188,5 @@ config ADK_KERNEL_NETFILTER_XT_TARGET_LOG
 config ADK_KERNEL_NETFILTER_XT_TARGET_TCPMSS
 	tristate '"TCPMSS" target support'
 	select ADK_KERNEL_NETFILTER_XTABLES
-	help
 
 endmenu

+ 22 - 80
target/linux/config/Config.in.netfilter.ebt

@@ -1,6 +1,5 @@
 config ADK_KERNEL_BRIDGE_NF_EBTABLES
-	prompt 'Ethernet Bridge tables support'
-	tristate
+	tristate 'Ethernet Bridge tables support'
 	select ADK_KERNEL_BRIDGE_NETFILTER
 	default n
 	help
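Review bot: `default n` is kept on the new side of this entry and of every other entry touched in this file, while the same commit deletes it throughout Config.in.netfilter, presumably because n is already the default. Dropping it here as well keeps the netfilter config files consistent, so the entry reads `tristate 'Ethernet Bridge tables support'` followed directly by `select ADK_KERNEL_BRIDGE_NETFILTER`. The help text continues outside the hunk.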
@@ -9,8 +8,7 @@ config ADK_KERNEL_BRIDGE_NF_EBTABLES
 	  filtering/NAT/brouting on the Ethernet bridge.
 
 config ADK_KERNEL_BRIDGE_EBT_BROUTE
-	prompt "broute table support"
-	tristate
+	tristate "broute table support"
 	depends on ADK_KERNEL_BRIDGE_NF_EBTABLES
 	default n
 	help
@@ -22,8 +20,7 @@ config ADK_KERNEL_BRIDGE_EBT_BROUTE
 	  To compile it as a module, choose M here.  If unsure, say N.
 
 config ADK_KERNEL_BRIDGE_EBT_T_FILTER
-	prompt "filter table support"
-	tristate
+	tristate "filter table support"
 	depends on ADK_KERNEL_BRIDGE_NF_EBTABLES
 	default n
 	help
@@ -34,8 +31,7 @@ config ADK_KERNEL_BRIDGE_EBT_T_FILTER
 	  To compile it as a module, choose M here.  If unsure, say N.
 
 config ADK_KERNEL_BRIDGE_EBT_T_NAT
-	prompt "nat table support"
-	tristate
+	tristate "nat table support"
 	depends on ADK_KERNEL_BRIDGE_NF_EBTABLES
 	default n
 	help
@@ -43,23 +39,18 @@ config ADK_KERNEL_BRIDGE_EBT_T_NAT
 	  source address (MAC SNAT) or the MAC destination address (MAC DNAT).
 	  See the man page for ebtables(8).
 
-	  To compile it as a module, choose M here.  If unsure, say N.
 #
 # matches
 #
 config ADK_KERNEL_BRIDGE_EBT_802_3
-	prompt "802.3 filter support"
-	tristate
+	tristate "802.3 filter support"
 	depends on ADK_KERNEL_BRIDGE_NF_EBTABLES
 	default n
 	help
 	  This option adds matching support for 802.3 Ethernet frames.
 
-	  To compile it as a module, choose M here.  If unsure, say N.
-
 config ADK_KERNEL_BRIDGE_EBT_AMONG
-	prompt "among filter support"
-	tristate
+	tristate "among filter support"
 	depends on ADK_KERNEL_BRIDGE_NF_EBTABLES
 	default n
 	help
@@ -67,44 +58,32 @@ config ADK_KERNEL_BRIDGE_EBT_AMONG
 	  and/or destination address on a list of addresses. Optionally,
 	  MAC/IP address pairs can be matched, f.e. for anti-spoofing rules.
 
-	  To compile it as a module, choose M here.  If unsure, say N.
-
 config ADK_KERNEL_BRIDGE_EBT_ARP
-	prompt "ARP filter support"
-	tristate
+	tristate "ARP filter support"
 	depends on ADK_KERNEL_BRIDGE_NF_EBTABLES
 	default n
 	help
 	  This option adds the ARP match, which allows ARP and RARP header field
 	  filtering.
 
-	  To compile it as a module, choose M here.  If unsure, say N.
-
 config ADK_KERNEL_BRIDGE_EBT_IP
-	prompt "IP filter support"
-	tristate
+	tristate "IP filter support"
 	depends on ADK_KERNEL_BRIDGE_NF_EBTABLES
 	default n
 	help
 	  This option adds the IP match, which allows basic IP header field
 	  filtering.
 
-	  To compile it as a module, choose M here.  If unsure, say N.
-
 config ADK_KERNEL_BRIDGE_EBT_IP6
-	prompt "IP6 filter support"
-	tristate
+	tristate "IP6 filter support"
 	depends on ADK_KERNEL_BRIDGE_NF_EBTABLES && ADK_KERNEL_IPV6
 	default n
 	help
 	  This option adds the IP6 match, which allows basic IPV6 header field
 	  filtering.
 
-	  To compile it as a module, choose M here.  If unsure, say N.
-
 config ADK_KERNEL_BRIDGE_EBT_LIMIT
-	prompt "limit match support"
-	tristate
+	tristate "limit match support"
 	depends on ADK_KERNEL_BRIDGE_NF_EBTABLES
 	default n
 	help
@@ -112,12 +91,8 @@ config ADK_KERNEL_BRIDGE_EBT_LIMIT
 	  the rate at which a rule can be matched. This match is the
 	  equivalent of the iptables limit match.
 
-	  If you want to compile it as a module, say M here and read
-	  <file:Documentation/kbuild/modules.txt>.  If unsure, say `N'.
-
 config ADK_KERNEL_BRIDGE_EBT_MARK
-	prompt "mark filter support"
-	tristate
+	tristate "mark filter support"
 	depends on ADK_KERNEL_BRIDGE_NF_EBTABLES
 	default n
 	help
@@ -126,11 +101,8 @@ config ADK_KERNEL_BRIDGE_EBT_MARK
 	  This value is the same as the one used in the iptables mark match and
 	  target.
 
-	  To compile it as a module, choose M here.  If unsure, say N.
-
 config ADK_KERNEL_BRIDGE_EBT_PKTTYPE
-	prompt "packet type filter support"
-	tristate
+	tristate "packet type filter support"
 	depends on ADK_KERNEL_BRIDGE_NF_EBTABLES
 	default n
 	help
@@ -139,57 +111,43 @@ config ADK_KERNEL_BRIDGE_EBT_PKTTYPE
 	  the generic networking code): broadcast, multicast,
 	  for this host alone or for another host.
 
-	  To compile it as a module, choose M here.  If unsure, say N.
-
 config ADK_KERNEL_BRIDGE_EBT_STP
-	prompt "STP filter support"
-	tristate
+	tristate "STP filter support"
 	depends on ADK_KERNEL_BRIDGE_NF_EBTABLES
 	default n
 	help
 	  This option adds the Spanning Tree Protocol match, which
 	  allows STP header field filtering.
 
-	  To compile it as a module, choose M here.  If unsure, say N.
-
 config ADK_KERNEL_BRIDGE_EBT_VLAN
-	prompt "802.1Q VLAN filter support"
-	tristate
+	tristate "802.1Q VLAN filter support"
 	depends on ADK_KERNEL_BRIDGE_NF_EBTABLES
 	default n
 	help
 	  This option adds the 802.1Q vlan match, which allows the filtering of
 	  802.1Q vlan fields.
 
-	  To compile it as a module, choose M here.  If unsure, say N.
 #
 # targets
 #
 config ADK_KERNEL_BRIDGE_EBT_ARPREPLY
-	prompt "arp reply target support"
-	tristate
+	tristate "arp reply target support"
 	depends on ADK_KERNEL_BRIDGE_NF_EBTABLES
 	default n
 	help
 	  This option adds the arp reply target, which allows
 	  automatically sending arp replies to arp requests.
 
-	  To compile it as a module, choose M here.  If unsure, say N.
-
 config ADK_KERNEL_BRIDGE_EBT_DNAT
-	prompt "dnat target support"
-	tristate
+	tristate "dnat target support"
 	depends on ADK_KERNEL_BRIDGE_NF_EBTABLES
 	default n
 	help
 	  This option adds the MAC DNAT target, which allows altering the MAC
 	  destination address of frames.
 
-	  To compile it as a module, choose M here.  If unsure, say N.
-
 config ADK_KERNEL_BRIDGE_EBT_MARK_T
-	prompt "mark target support"
-	tristate
+	tristate "mark target support"
 	depends on ADK_KERNEL_BRIDGE_NF_EBTABLES
 	default n
 	help
@@ -198,35 +156,27 @@ config ADK_KERNEL_BRIDGE_EBT_MARK_T
 	  This value is the same as the one used in the iptables mark match and
 	  target.
 
-	  To compile it as a module, choose M here.  If unsure, say N.
-
 config ADK_KERNEL_BRIDGE_EBT_REDIRECT
-	prompt "redirect target support"
-	tristate
+	tristate "redirect target support"
 	depends on ADK_KERNEL_BRIDGE_NF_EBTABLES
 	default n
 	help
 	  This option adds the MAC redirect target, which allows altering the MAC
 	  destination address of a frame to that of the device it arrived on.
 
-	  To compile it as a module, choose M here.  If unsure, say N.
-
 config ADK_KERNEL_BRIDGE_EBT_SNAT
-	prompt "snat target support"
-	tristate
+	tristate "snat target support"
 	depends on ADK_KERNEL_BRIDGE_NF_EBTABLES
 	default n
 	help
 	  This option adds the MAC SNAT target, which allows altering the MAC
 	  source address of frames.
 
-	  To compile it as a module, choose M here.  If unsure, say N.
 #
 # watchers
 #
 config ADK_KERNEL_BRIDGE_EBT_LOG
-	prompt "log support"
-	tristate
+	tristate "log support"
 	depends on ADK_KERNEL_BRIDGE_NF_EBTABLES
 	default n
 	help
@@ -234,11 +184,8 @@ config ADK_KERNEL_BRIDGE_EBT_LOG
 	  in any ebtables table. It records info about the frame header
 	  to the syslog.
 
-	  To compile it as a module, choose M here.  If unsure, say N.
-
 config ADK_KERNEL_BRIDGE_EBT_ULOG
-	prompt "ulog support"
-	tristate
+	tristate "ulog support"
 	depends on ADK_KERNEL_BRIDGE_NF_EBTABLES
 	default n
 	help
@@ -253,11 +200,8 @@ config ADK_KERNEL_BRIDGE_EBT_ULOG
 	  sent to userspace instead of a descriptive text and that
 	  netlink multicast sockets are used instead of the syslog.
 
-	  To compile it as a module, choose M here.  If unsure, say N.
-
 config ADK_KERNEL_BRIDGE_EBT_NFLOG
-	prompt "nflog support"
-	tristate
+	tristate "nflog support"
 	depends on ADK_KERNEL_BRIDGE_NF_EBTABLES
 	default n
 	help
@@ -269,5 +213,3 @@ config ADK_KERNEL_BRIDGE_EBT_NFLOG
 	  This option adds the nflog watcher, that you can use in any rule
 	  in any ebtables table.
 
-	  To compile it as a module, choose M here.  If unsure, say N.
-

+ 2 - 6
target/linux/config/Config.in.netfilter.ip6

@@ -3,7 +3,6 @@ config ADK_KERNEL_NF_CONNTRACK_IPV6
 	tristate
 	select ADK_KERNEL_NF_CONNTRACK
 	select ADK_KERNEL_IPV6
-	default y if ADK_TARGET_IPTABLES
 	default n
 	help
 	  Connection tracking keeps a record of what packets have passed
@@ -20,7 +19,6 @@ config ADK_KERNEL_IP6_NF_IPTABLES
 	tristate "IP6 tables support (required for filtering)"
 	select ADK_KERNEL_NETFILTER_XTABLES
 	select ADK_KERNEL_IPV6
-	default y if ADK_TARGET_IPTABLES
 	default n
 	help
 	  ip6tables is a general, extensible packet identification framework.
@@ -91,9 +89,7 @@ config ADK_KERNEL_IP6_NF_MATCH_RT
 # The targets
 
 config ADK_KERNEL_IP6_NF_FILTER
-	prompt "Packet filtering"
-	tristate
-	default y if ADK_TARGET_IPTABLES
+	tristate "Packet filtering"
 	default n
 	help
 	  Packet filtering defines a table `filter', which has a series of
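Review bot: With `default y if ADK_TARGET_IPTABLES` gone, `ADK_KERNEL_IP6_NF_FILTER` is off unless it is picked by hand, and the same applies to `ADK_KERNEL_NF_CONNTRACK_IPV6` and `ADK_KERNEL_IP6_NF_IPTABLES` in the two hunks above. Nothing visible in this commit ties these options to the IPv4 filter options, so a configuration with IPv6 enabled and only the IPv4 tables selected would presumably leave IPv6 traffic unfiltered. If that coupling is intentionally left to the user, the help text should say so, for instance `If IPv6 is enabled and this is left at N, IPv6 packets are not filtered.` The help block continues outside the hunk.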
@@ -122,7 +118,7 @@ config ADK_KERNEL_IP6_NF_MANGLE
 	  To compile it as a module, choose M here.  If unsure, say N.
 
 config ADK_KERNEL_IP6_NF_RAW
-	tristate  'raw table support (required for TRACE)'
+	tristate 'raw table support (required for TRACE)'
 	help
 	  This option adds a `raw' table to ip6tables. This table is the very
 	  first in the netfilter framework and hooks in at the PREROUTING