From 74f4119c1b84117af92e44982222ec5c805ad97a Mon Sep 17 00:00:00 2001
From: Matthias Schiffer <mschiffer@universe-factory.net>
Date: Wed, 11 Apr 2018 13:14:00 +0200
Subject: [PATCH] treewide: add support for building kernel modules used by
 Gluon into the kernel

---
 package/gluon-client-bridge/Makefile          |   2 +-
 package/gluon-core/Config.in                  | 338 ++++++++++++++++++
 package/gluon-core/Makefile                   |   4 +
 package/gluon-ebtables-limit-arp/Makefile     |   5 +-
 package/gluon-ebtables/Makefile               |  12 +-
 package/gluon-mesh-batman-adv/Makefile        |   2 +-
 package/gluon-mesh-vpn-core/Makefile          |   9 +-
 package/gluon-mesh-vpn-fastd/Makefile         |   2 +-
 package/gluon-mesh-vpn-tunneldigger/Makefile  |   2 +-
 ...build-kmod-packages-with-empty-FILES.patch |  37 ++
 10 files changed, 406 insertions(+), 7 deletions(-)
 create mode 100644 package/gluon-core/Config.in
 create mode 100644 patches/lede/0082-include-kernel.mk-build-kmod-packages-with-empty-FILES.patch

diff --git a/package/gluon-client-bridge/Makefile b/package/gluon-client-bridge/Makefile
index ccf1bcd8b..19a0e3a4c 100644
--- a/package/gluon-client-bridge/Makefile
+++ b/package/gluon-client-bridge/Makefile
@@ -9,7 +9,7 @@ define Package/gluon-client-bridge
   SECTION:=gluon
   CATEGORY:=Gluon
   TITLE:=Provides a bridge and a wireless interface for clients to connect to
-  DEPENDS:=+gluon-core +kmod-veth
+  DEPENDS:=+gluon-core +kmod-veth +@GLUON_SPECIALIZE_KERNEL:KERNEL_VETH
 endef
 
 $(eval $(call BuildPackageGluon,gluon-client-bridge))
diff --git a/package/gluon-core/Config.in b/package/gluon-core/Config.in
new file mode 100644
index 000000000..9def3c299
--- /dev/null
+++ b/package/gluon-core/Config.in
@@ -0,0 +1,338 @@
+config KERNEL_NET_IP_TUNNEL
+	bool
+
+config KERNEL_NET_UDP_TUNNEL
+	bool
+
+config KERNEL_VXLAN
+	bool
+	select KERNEL_NET_IP_TUNNEL
+	select KERNEL_NET_UDP_TUNNEL
+
+config KERNEL_VETH
+	bool
+
+
+# for fastd
+
+config KERNEL_TUN
+	bool
+
+
+# for tunneldigger
+
+config KERNEL_L2TP_V3
+	bool
+
+config KERNEL_L2TP_IP
+	bool
+
+config KERNEL_L2TP_ETH
+	bool
+
+config KERNEL_L2TP
+	bool
+	select KERNEL_L2TP_V3
+	select KERNEL_L2TP_IP
+	select KERNEL_L2TP_ETH
+
+
+# for simple-tc
+
+config KERNEL_NET_SCHED
+	bool
+
+config KERNEL_NET_CLS
+	bool
+	select KERNEL_NET_SCHED
+
+config KERNEL_NET_CLS_ACT
+	bool
+	select KERNEL_NET_CLS
+
+config KERNEL_NET_CLS_BASIC
+	bool
+	select KERNEL_NET_CLS
+
+config KERNEL_NET_SCH_TBF
+	bool
+	select KERNEL_NET_SCHED
+
+config KERNEL_NET_SCH_INGRESS
+	bool
+	select KERNEL_NET_CLS_ACT
+
+
+# for batman-adv
+
+config KERNEL_DUMMY
+	bool
+
+config KERNEL_CRC16
+	bool
+
+config KERNEL_LIBCRC32C
+	bool
+
+
+# Netfilter modules used by ebtables and fw3
+
+config KERNEL_NETFILTER
+	bool
+
+config KERNEL_NETFILTER_ADVANCED
+	bool
+	select KERNEL_NETFILTER
+
+config KERNEL_NETFILTER_XTABLES
+	bool
+	select KERNEL_NETFILTER_ADVANCED
+
+config KERNEL_BRIDGE_NF_EBTABLES
+	bool
+	select KERNEL_NETFILTER_XTABLES
+
+config KERNEL_BRIDGE_EBT_T_FILTER
+	bool
+	select KERNEL_BRIDGE_NF_EBTABLES
+
+config KERNEL_BRIDGE_EBT_T_NAT
+	bool
+	select KERNEL_BRIDGE_NF_EBTABLES
+
+config KERNEL_BRIDGE_EBT_ARP
+	bool
+	select KERNEL_BRIDGE_NF_EBTABLES
+
+config KERNEL_BRIDGE_EBT_IP
+	bool
+	select KERNEL_BRIDGE_NF_EBTABLES
+
+config KERNEL_BRIDGE_EBT_IP6
+	bool
+	select KERNEL_BRIDGE_NF_EBTABLES
+
+config KERNEL_BRIDGE_EBT_LIMIT
+	bool
+	select KERNEL_BRIDGE_NF_EBTABLES
+
+config KERNEL_BRIDGE_EBT_MARK
+	bool
+	select KERNEL_BRIDGE_NF_EBTABLES
+
+config KERNEL_BRIDGE_EBT_MARK_T
+	bool
+	select KERNEL_BRIDGE_NF_EBTABLES
+
+
+# Not all of the following modules are really required for Gluon, but fw3 pulls
+# them in, so we add them to the kernel config to reduce the number of loaded
+# modules
+
+# kmod-nf-conntrack
+
+config KERNEL_NF_CONNTRACK
+	bool
+	select KERNEL_NETFILTER_ADVANCED
+
+config KERNEL_NF_CONNTRACK_RTCACHE
+	bool
+	select KERNEL_NF_CONNTRACK
+
+config KERNEL_NF_CONNTRACK_IPV4
+	bool
+	select KERNEL_NF_CONNTRACK
+
+
+# kmod-nf-conntrack6
+
+config KERNEL_NF_CONNTRACK_IPV6
+	bool
+	select KERNEL_NF_CONNTRACK
+
+
+# kmod-nf-ipt
+
+config KERNEL_NF_REJECT_IPV4
+	bool
+	select KERNEL_NETFILTER_ADVANCED
+
+config KERNEL_IP_NF_IPTABLES
+	bool
+	select KERNEL_NETFILTER_XTABLES
+	select KERNEL_NF_REJECT_IPV4
+
+
+# kmod-nf-ipt6
+
+config KERNEL_NF_REJECT_IPV6
+	bool
+	select KERNEL_NETFILTER_ADVANCED
+
+config KERNEL_IP6_NF_IPTABLES
+	bool
+	select KERNEL_NETFILTER_XTABLES
+	select KERNEL_NF_REJECT_IPV6
+
+
+# kmod-nf-nat
+
+config KERNEL_NF_NAT
+	bool
+	select KERNEL_NF_CONNTRACK
+
+config KERNEL_NF_NAT_REDIRECT
+	bool
+	select KERNEL_NF_NAT
+
+config KERNEL_NF_NAT_IPV4
+	bool
+	select KERNEL_NETFILTER_ADVANCED
+	select KERNEL_NF_NAT
+
+config KERNEL_NF_NAT_MASQUERADE_IPV4
+	bool
+	select KERNEL_NF_NAT_IPV4
+
+
+# kmod-ipt-core
+
+config KERNEL_IP_NF_FILTER
+	bool
+	select KERNEL_IP_NF_IPTABLES
+
+config KERNEL_IP_NF_MANGLE
+	bool
+	select KERNEL_IP_NF_IPTABLES
+
+config KERNEL_IP_NF_TARGET_REJECT
+	bool
+	select KERNEL_IP_NF_FILTER
+
+config KERNEL_NETFILTER_XT_MATCH_LIMIT
+	bool
+	select KERNEL_NETFILTER_XTABLES
+
+config KERNEL_NETFILTER_XT_MATCH_MAC
+	bool
+	select KERNEL_NETFILTER_XTABLES
+
+config KERNEL_NETFILTER_XT_MATCH_MULTIPORT
+	bool
+	select KERNEL_NETFILTER_XTABLES
+
+config KERNEL_NETFILTER_XT_MATCH_COMMENT
+	bool
+	select KERNEL_NETFILTER_XTABLES
+
+config KERNEL_NETFILTER_XT_MATCH_TIME
+	bool
+	select KERNEL_NETFILTER_XTABLES
+
+config KERNEL_NETFILTER_XT_MARK
+	bool
+	select KERNEL_NETFILTER_XTABLES
+
+config KERNEL_NETFILTER_XT_TARGET_LOG
+	bool
+	select KERNEL_NETFILTER_XTABLES
+
+config KERNEL_NETFILTER_XT_TARGET_TCPMSS
+	bool
+	select KERNEL_NETFILTER_XTABLES
+
+# kmod-ip6tables
+
+config KERNEL_IP6_NF_FILTER
+	bool
+	select KERNEL_IP6_NF_IPTABLES
+
+config KERNEL_IP6_NF_MANGLE
+	bool
+	select KERNEL_IP6_NF_IPTABLES
+
+config KERNEL_IP6_NF_TARGET_REJECT
+	bool
+	select KERNEL_IP6_NF_IPTABLES
+
+
+# kmod-ipt-conntrack
+
+config KERNEL_NETFILTER_XT_MATCH_STATE
+	bool
+	select KERNEL_NETFILTER_XTABLES
+	select KERNEL_NF_CONNTRACK
+
+config KERNEL_NETFILTER_XT_MATCH_CONNTRACK
+	bool
+	select KERNEL_NETFILTER_XTABLES
+	select KERNEL_NF_CONNTRACK
+
+
+# kmod-ipt-nat
+
+config KERNEL_IP_NF_NAT
+	bool
+	select KERNEL_NF_NAT
+	select KERNEL_IP_NF_IPTABLES
+
+config KERNEL_IP_NF_TARGET_MASQUERADE
+	bool
+	select KERNEL_NF_NAT_MASQUERADE_IPV4
+	select KERNEL_IP_NF_NAT
+
+config KERNEL_IP_NF_TARGET_REDIRECT
+	bool
+	select KERNEL_NF_NAT
+	select KERNEL_IP_NF_NAT
+
+
+# kmod-ipt-extra
+
+config KERNEL_NETFILTER_XT_MATCH_ADDRTYPE
+	bool
+	select KERNEL_NETFILTER_XTABLES
+
+config KERNEL_NETFILTER_XT_MATCH_OWNER
+	bool
+	select KERNEL_NETFILTER_XTABLES
+
+config KERNEL_NETFILTER_XT_MATCH_PKTTYPE
+	bool
+	select KERNEL_NETFILTER_XTABLES
+
+config KERNEL_NETFILTER_XT_MATCH_QUOTA
+	bool
+	select KERNEL_NETFILTER_XTABLES
+
+
+config GLUON_SPECIALIZE_KERNEL
+	bool "Specialize kernel for Gluon"
+	select KERNEL_VXLAN
+	select KERNEL_NF_CONNTRACK_RTCACHE
+	select KERNEL_NF_CONNTRACK_IPV4
+	select KERNEL_NF_CONNTRACK_IPV6
+	select KERNEL_IP_NF_IPTABLES
+	select KERNEL_IP6_NF_IPTABLES
+	select KERNEL_NF_NAT_REDIRECT
+	select KERNEL_NF_NAT_IPV4
+	select KERNEL_NF_NAT_MASQUERADE_IPV4
+	select KERNEL_IP_NF_FILTER
+	select KERNEL_IP_NF_MANGLE
+	select KERNEL_IP_NF_TARGET_REJECT
+	select KERNEL_IP6_NF_FILTER
+	select KERNEL_IP6_NF_MANGLE
+	select KERNEL_IP6_NF_TARGET_REJECT
+	select KERNEL_NETFILTER_XT_MATCH_LIMIT
+	select KERNEL_NETFILTER_XT_MATCH_MAC
+	select KERNEL_NETFILTER_XT_MATCH_MULTIPORT
+	select KERNEL_NETFILTER_XT_MATCH_COMMENT
+	select KERNEL_NETFILTER_XT_MATCH_TIME
+	select KERNEL_NETFILTER_XT_MARK
+	select KERNEL_NETFILTER_XT_TARGET_LOG
+	select KERNEL_NETFILTER_XT_TARGET_TCPMSS
+	select KERNEL_NETFILTER_XT_MATCH_STATE
+	select KERNEL_NETFILTER_XT_MATCH_CONNTRACK
+	select KERNEL_IP_NF_NAT
+	select KERNEL_IP_NF_TARGET_MASQUERADE
+	select KERNEL_IP_NF_TARGET_REDIRECT
diff --git a/package/gluon-core/Makefile b/package/gluon-core/Makefile
index 39218d667..f220b9f46 100644
--- a/package/gluon-core/Makefile
+++ b/package/gluon-core/Makefile
@@ -23,6 +23,10 @@ define Package/gluon-core/description
 	Gluon community wifi mesh firmware framework: core
 endef
 
+define Package/gluon-core/config
+        source "$(SOURCE)/Config.in"
+endef
+
 define Package/gluon-core/install
 	$(Gluon/Build/Install)
 
diff --git a/package/gluon-ebtables-limit-arp/Makefile b/package/gluon-ebtables-limit-arp/Makefile
index 4562c6278..a356b832b 100644
--- a/package/gluon-ebtables-limit-arp/Makefile
+++ b/package/gluon-ebtables-limit-arp/Makefile
@@ -10,7 +10,10 @@ define Package/gluon-ebtables-limit-arp
   SECTION:=gluon
   CATEGORY:=Gluon
   TITLE:=Ebtables limiter for ARP packets
-  DEPENDS:=+gluon-core +gluon-ebtables gluon-mesh-batman-adv
+  DEPENDS:=+gluon-core +gluon-ebtables gluon-mesh-batman-adv \
+	+@GLUON_SPECIALIZE_KERNEL:KERNEL_BRIDGE_EBT_LIMIT \
+	+@GLUON_SPECIALIZE_KERNEL:KERNEL_BRIDGE_EBT_MARK \
+	+@GLUON_SPECIALIZE_KERNEL:KERNEL_BRIDGE_EBT_MARK_T
 endef
 
 define Package/gluon-ebtables-limit-arp/description
diff --git a/package/gluon-ebtables/Makefile b/package/gluon-ebtables/Makefile
index 3ecf9b880..3a2fffdc7 100644
--- a/package/gluon-ebtables/Makefile
+++ b/package/gluon-ebtables/Makefile
@@ -4,13 +4,23 @@ PKG_NAME:=gluon-ebtables
 PKG_VERSION:=1
 PKG_RELEASE:=1
 
+PKG_CONFIG_DEPENDS := CONFIG_GLUON_SPECIALIZE_KERNEL
+
 include ../gluon.mk
 
 define Package/gluon-ebtables
   SECTION:=gluon
   CATEGORY:=Gluon
   TITLE:=Ebtables support
-  DEPENDS:=+gluon-core +ebtables-tiny +kmod-ebtables +kmod-ebtables-ipv4 +kmod-ebtables-ipv6
+  DEPENDS:=+gluon-core +ebtables-tiny \
+	+@GLUON_SPECIALIZE_KERNEL:KERNEL_BRIDGE_EBT_T_FILTER \
+	+@GLUON_SPECIALIZE_KERNEL:KERNEL_BRIDGE_EBT_T_NAT \
+	+@GLUON_SPECIALIZE_KERNEL:KERNEL_BRIDGE_EBT_ARP \
+	+@GLUON_SPECIALIZE_KERNEL:KERNEL_BRIDGE_EBT_IP \
+	+@GLUON_SPECIALIZE_KERNEL:KERNEL_BRIDGE_EBT_IP6 \
+	+!GLUON_SPECIALIZE_KERNEL:kmod-ebtables \
+	+!GLUON_SPECIALIZE_KERNEL:kmod-ebtables-ipv4 \
+	+!GLUON_SPECIALIZE_KERNEL:kmod-ebtables-ipv6
 endef
 
 define Package/gluon-ebtables/description
diff --git a/package/gluon-mesh-batman-adv/Makefile b/package/gluon-mesh-batman-adv/Makefile
index 22355798b..a8c4801dd 100644
--- a/package/gluon-mesh-batman-adv/Makefile
+++ b/package/gluon-mesh-batman-adv/Makefile
@@ -9,7 +9,7 @@ define Package/gluon-mesh-batman-adv/common
   SECTION:=gluon
   CATEGORY:=Gluon
   PROVIDES:=gluon-mesh-batman-adv
-  DEPENDS:=+gluon-core +libgluonutil +gluon-client-bridge +gluon-ebtables +firewall +libiwinfo +kmod-dummy +libnl-tiny +libbatadv
+  DEPENDS:=+gluon-core +libgluonutil +gluon-client-bridge +gluon-ebtables +firewall +libiwinfo +kmod-dummy +libnl-tiny +libbatadv +@GLUON_SPECIALIZE_KERNEL:KERNEL_DUMMY +@GLUON_SPECIALIZE_KERNEL:KERNEL_CRC16 +@GLUON_SPECIALIZE_KERNEL:KERNEL_LIBCRC32C
 endef
 
 define Package/gluon-mesh-batman-adv-14
diff --git a/package/gluon-mesh-vpn-core/Makefile b/package/gluon-mesh-vpn-core/Makefile
index 263ec2173..885905738 100644
--- a/package/gluon-mesh-vpn-core/Makefile
+++ b/package/gluon-mesh-vpn-core/Makefile
@@ -9,7 +9,14 @@ define Package/gluon-mesh-vpn-core
   SECTION:=gluon
   CATEGORY:=Gluon
   TITLE:=Basic support for connecting meshes via VPN tunnels
-  DEPENDS:=+gluon-core +gluon-wan-dnsmasq +iptables +iptables-mod-extra +simple-tc
+  DEPENDS:=+gluon-core +gluon-wan-dnsmasq +iptables +iptables-mod-extra +simple-tc \
+	+@GLUON_SPECIALIZE_KERNEL:KERNEL_NETFILTER_XT_MATCH_ADDRTYPE \
+	+@GLUON_SPECIALIZE_KERNEL:KERNEL_NETFILTER_XT_MATCH_OWNER \
+	+@GLUON_SPECIALIZE_KERNEL:KERNEL_NETFILTER_XT_MATCH_PKTTYPE \
+	+@GLUON_SPECIALIZE_KERNEL:KERNEL_NETFILTER_XT_MATCH_QUOTA \
+	+@GLUON_SPECIALIZE_KERNEL:KERNEL_NET_CLS_BASIC \
+	+@GLUON_SPECIALIZE_KERNEL:KERNEL_NET_SCH_TBF \
+	+@GLUON_SPECIALIZE_KERNEL:KERNEL_NET_SCH_INGRESS
   USERID:=:gluon-mesh-vpn=800
 endef
 
diff --git a/package/gluon-mesh-vpn-fastd/Makefile b/package/gluon-mesh-vpn-fastd/Makefile
index 50b35e5ac..477cd48e8 100644
--- a/package/gluon-mesh-vpn-fastd/Makefile
+++ b/package/gluon-mesh-vpn-fastd/Makefile
@@ -9,7 +9,7 @@ define Package/gluon-mesh-vpn-fastd
   SECTION:=gluon
   CATEGORY:=Gluon
   TITLE:=Support for connecting meshes via fastd
-  DEPENDS:=+gluon-core +libgluonutil +gluon-mesh-vpn-core +fastd
+  DEPENDS:=+gluon-core +libgluonutil +gluon-mesh-vpn-core +fastd +@GLUON_SPECIALIZE_KERNEL:KERNEL_TUN
 endef
 
 $(eval $(call BuildPackageGluon,gluon-mesh-vpn-fastd))
diff --git a/package/gluon-mesh-vpn-tunneldigger/Makefile b/package/gluon-mesh-vpn-tunneldigger/Makefile
index 8b8099b14..d463db414 100644
--- a/package/gluon-mesh-vpn-tunneldigger/Makefile
+++ b/package/gluon-mesh-vpn-tunneldigger/Makefile
@@ -9,7 +9,7 @@ define Package/gluon-mesh-vpn-tunneldigger
   SECTION:=gluon
   CATEGORY:=Gluon
   TITLE:=Support for connecting meshes via tunneltigger/L2TPv3 pseudowire
-  DEPENDS:=+gluon-core +gluon-mesh-vpn-core +tunneldigger
+  DEPENDS:=+gluon-core +gluon-mesh-vpn-core +tunneldigger +@GLUON_SPECIALIZE_KERNEL:KERNEL_L2TP
 endef
 
 $(eval $(call BuildPackageGluon,gluon-mesh-vpn-tunneldigger))
diff --git a/patches/lede/0082-include-kernel.mk-build-kmod-packages-with-empty-FILES.patch b/patches/lede/0082-include-kernel.mk-build-kmod-packages-with-empty-FILES.patch
new file mode 100644
index 000000000..c8c4fcc9d
--- /dev/null
+++ b/patches/lede/0082-include-kernel.mk-build-kmod-packages-with-empty-FILES.patch
@@ -0,0 +1,37 @@
+From: Matthias Schiffer <mschiffer@universe-factory.net>
+Date: Tue, 10 Apr 2018 09:03:52 +0200
+Subject: include/kernel.mk: build kmod packages with empty FILES
+
+kmod packages without FILES did not have an install step defined, leading
+to no package being built. This affected netfilter/iptables packages, which
+filter out builtin modules from FILES.
+
+Not building a package that it is selected in .config is problematic, as
+the generated empty package may be necessary to satisfy dependencies.
+
+Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
+
+diff --git a/include/kernel.mk b/include/kernel.mk
+index b1d0e8d927cb462b486cfd645d68963f1b6ab8ff..d8d457fe7a5d3584d8aa4e27430da84533c85ed0 100644
+--- a/include/kernel.mk
++++ b/include/kernel.mk
+@@ -194,8 +194,7 @@ $(call KernelPackage/$(1)/config)
+   $(call KernelPackage/depends)
+ 
+   ifneq ($(if $(filter-out %=y %=n %=m,$(KCONFIG)),$(filter m y,$(foreach c,$(filter-out %=y %=n %=m,$(KCONFIG)),$($(c)))),.),)
+-    ifneq ($(strip $(FILES)),)
+-      define Package/kmod-$(1)/install
++    define Package/kmod-$(1)/install
+ 		  @for mod in $$(call version_filter,$$(FILES)); do \
+ 			if grep -q "$$$$$$$${mod##$(LINUX_DIR)/}" "$(LINUX_DIR)/modules.builtin"; then \
+ 				echo "NOTICE: module '$$$$$$$$mod' is built-in."; \
+@@ -209,8 +208,7 @@ $(call KernelPackage/$(1)/config)
+ 		  done;
+ 		  $(call ModuleAutoLoad,$(1),$$(1),$(AUTOLOAD))
+ 		  $(call KernelPackage/$(1)/install,$$(1))
+-      endef
+-    endif
++    endef
+   $(if $(CONFIG_PACKAGE_kmod-$(1)),
+     else
+       compile: $(1)-disabled
-- 
GitLab