From ab07ae2f27dd920cb7ba186d9f7ad2ccb1c980c4 Mon Sep 17 00:00:00 2001
From: Alin Nastac <alin.nastac@gmail.com>
Date: Mon, 25 Jun 2018 10:22:21 +0200
Subject: [PATCH] netfilter: add bpf match support

Add xt_bpf modules to {kmod-ipt,iptables-mod}-filter.

Match using Linux Socket Filter. Expects a BPF program in decimal
format. This is the format generated by the nfbpf_compile utility.

Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
---
 include/netfilter.mk                      | 1 +
 package/kernel/linux/modules/netfilter.mk | 1 +
 package/network/utils/iptables/Makefile   | 1 +
 3 files changed, 3 insertions(+)

diff --git a/include/netfilter.mk b/include/netfilter.mk
index 5d532cea5b..510aa183ca 100644
--- a/include/netfilter.mk
+++ b/include/netfilter.mk
@@ -106,6 +106,7 @@ $(eval $(call nf_add,IPT_PHYSDEV,CONFIG_NETFILTER_XT_MATCH_PHYSDEV, $(P_XT)xt_ph
 # filter
 
 $(eval $(call nf_add,IPT_FILTER,CONFIG_NETFILTER_XT_MATCH_STRING, $(P_XT)xt_string))
+$(eval $(call nf_add,IPT_FILTER,CONFIG_NETFILTER_XT_MATCH_BPF, $(P_XT)xt_bpf))
 
 
 # ipopt
diff --git a/package/kernel/linux/modules/netfilter.mk b/package/kernel/linux/modules/netfilter.mk
index 51f3544ed6..be469fac15 100644
--- a/package/kernel/linux/modules/netfilter.mk
+++ b/package/kernel/linux/modules/netfilter.mk
@@ -237,6 +237,7 @@ define KernelPackage/ipt-filter/description
  Netfilter (IPv4) kernel modules for packet content inspection
  Includes:
  - string
+ - bpf
 endef
 
 $(eval $(call KernelPackage,ipt-filter))
diff --git a/package/network/utils/iptables/Makefile b/package/network/utils/iptables/Makefile
index b3955b9a97..8423701f07 100644
--- a/package/network/utils/iptables/Makefile
+++ b/package/network/utils/iptables/Makefile
@@ -151,6 +151,7 @@ Includes support for:
 
  Matches:
   - string
+  - bpf
 
 endef
 
-- 
2.30.2