Author: cyrus Date: 2014-08-07 06:42:22 +0200 (Thu, 07 Aug 2014) New Revision: 42022
Modified: trunk/include/netfilter.mk trunk/package/kernel/linux/modules/netfilter.mk trunk/package/network/utils/iptables/Makefile Log: iptables: NFLOG and NFQUEUE targets' full support NFLOG and NFQUEUE targets' full support for iptables. Includes all needed kernel modules (Xtables's and Netlink's) and userspace libraries. All added kernel modules can be individually disabled, all other new libraries get their own individual packages. Reported-by: Fabian Hugelshofer <[email protected]> Reported-by: Rainer Poisel <[email protected]> Reported-by: Derek LaHousse <[email protected]> Signed-off-by: Guillaume D?\195?\169flache <[email protected]>
Modified: trunk/include/netfilter.mk
===================================================================
--- trunk/include/netfilter.mk 2014-08-06 22:02:14 UTC (rev 42021)
+++ trunk/include/netfilter.mk 2014-08-07 04:42:22 UTC (rev 42022)
@@ -225,6 +225,16 @@
 $(eval $(call nf_add,IPT_ULOG,CONFIG_IP_NF_TARGET_ULOG, $(P_V4)ipt_ULOG))
+# nflog
+
+$(eval $(call nf_add,IPT_NFLOG,CONFIG_NETFILTER_XT_TARGET_NFLOG, $(P_XT)xt_NFLOG))
+
+
+# nfqueue
+
+$(eval $(call nf_add,IPT_NFQUEUE,CONFIG_NETFILTER_XT_TARGET_NFQUEUE, $(P_XT)xt_NFQUEUE))
+
+
 # debugging
 $(eval $(call nf_add,IPT_DEBUG,CONFIG_NETFILTER_XT_TARGET_TRACE, $(P_XT)xt_TRACE))
@@ -245,6 +255,19 @@
 $(eval $(call nf_add,IPT_U32,CONFIG_NETFILTER_XT_MATCH_U32, $(P_XT)xt_u32))
+
+# netlink
+
+$(eval $(call nf_add,NFNETLINK,CONFIG_NETFILTER_NETLINK, $(P_XT)nfnetlink))
+
+# nflog
+
+$(eval $(call nf_add,NFNETLINK_LOG,CONFIG_NETFILTER_NETLINK_LOG, $(P_XT)nfnetlink_log))
+
+# nfqueue
+
+$(eval $(call nf_add,NFNETLINK_QUEUE,CONFIG_NETFILTER_NETLINK_QUEUE, $(P_XT)nfnetlink_queue))
+
 #
 # ebtables
 #
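Review bot: The `# nflog` and `# nfqueue` headings added in the `@@ -245,6 +255,19 @@` hunk repeat the headings the first hunk gives to `xt_NFLOG` and `xt_NFQUEUE`, although here they label the netlink back ends `nfnetlink_log` and `nfnetlink_queue`. I would rename them, e.g. `# nfnetlink_log (netlink transport used by the NFLOG target)` and `# nfnetlink_queue (netlink transport used by the NFQUEUE target)`, so a search for the heading lands on the right group. The three entries also reuse the `$(P_XT)` prefix for modules that are not xt_ extensions; presumably that prefix is only the `netfilter/` directory, but its definition is outside the diff, so a one-line comment saying so would help.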
@@ -279,6 +302,7 @@
 $(eval $(call nf_add,EBTABLES_WATCHERS,CONFIG_BRIDGE_EBT_LOG, $(P_EBT)ebt_log))
 $(eval $(call nf_add,EBTABLES_WATCHERS,CONFIG_BRIDGE_EBT_ULOG, $(P_EBT)ebt_ulog))
 $(eval $(call nf_add,EBTABLES_WATCHERS,CONFIG_BRIDGE_EBT_NFLOG, $(P_EBT)ebt_nflog))
+$(eval $(call nf_add,EBTABLES_WATCHERS,CONFIG_BRIDGE_EBT_NFQUEUE, $(P_EBT)ebt_nfqueue))
 # userland only
@@ -299,6 +323,9 @@
 IPT_BUILTIN += $(IPT_ULOG-y)
 IPT_BUILTIN += $(IPT_DEBUG-y)
 IPT_BUILTIN += $(IPT_TPROXY-y)
+IPT_BUILTIN += $(NFNETLINK-y)
+IPT_BUILTIN += $(NFNETLINK_LOG-y)
+IPT_BUILTIN += $(NFNETLINK_QUEUE-y)
 IPT_BUILTIN += $(EBTABLES-y)
 IPT_BUILTIN += $(EBTABLES_IP4-y)
 IPT_BUILTIN += $(EBTABLES_IP6-y)
Modified: trunk/package/kernel/linux/modules/netfilter.mk
===================================================================
--- trunk/package/kernel/linux/modules/netfilter.mk 2014-08-06 22:02:14 UTC (rev 42021)
+++ trunk/package/kernel/linux/modules/netfilter.mk 2014-08-07 04:42:22 UTC (rev 42022)
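Review bot: `CONFIG_BRIDGE_EBT_NFQUEUE` / `ebt_nfqueue`, added to `EBTABLES_WATCHERS` in trunk/include/netfilter.mk, is not a bridge-netfilter watcher I can match to an upstream kernel option, and the log message describes only the iptables targets. Please confirm the option exists in the kernels this tree builds. If it does not, the entry is dead configuration and should be dropped, or given a comment naming the patch that provides the module.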
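Review bot: The `IPT_BUILTIN` additions in the `@@ -299,6 +323,9 @@` hunk cover the three netlink groups but leave out `$(IPT_NFLOG-y)` and `$(IPT_NFQUEUE-y)`, the two groups this commit introduces for the targets themselves. The neighbouring `IPT_ULOG`, `IPT_DEBUG` and `IPT_TPROXY` groups are all listed, so a kernel that builds `xt_NFLOG` or `xt_NFQUEUE` in rather than as a module would, as far as the visible lines show, have those targets in neither the built-in list nor the `-m` list passed to `BuildPlugin`. I would add `IPT_BUILTIN += $(IPT_NFLOG-y)` and `IPT_BUILTIN += $(IPT_NFQUEUE-y)` after the `IPT_TPROXY` line. How `IPT_BUILTIN` is consumed is outside this diff, so check the effect against the iptables Makefile.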
@@ -278,6 +278,40 @@
 $(eval $(call KernelPackage,ipt-ulog))
+define KernelPackage/ipt-nflog
+ TITLE:=Module for user-space packet logging
+ KCONFIG:=$(KCONFIG_IPT_NFLOG)
+ FILES:=$(foreach mod,$(IPT_NFLOG-m),$(LINUX_DIR)/net/$(mod).ko)
+ AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NFLOG-m)))
+ $(call AddDepends/ipt,+kmod-nfnetlink-log)
+endef
+
+define KernelPackage/ipt-nflog/description
+ Netfilter module for user-space packet logging
+ Includes:
+ - NFLOG
+endef
+
+$(eval $(call KernelPackage,ipt-nflog))
+
+
+define KernelPackage/ipt-nfqueue
+ TITLE:=Module for user-space packet queuing
+ KCONFIG:=$(KCONFIG_IPT_NFQUEUE)
+ FILES:=$(foreach mod,$(IPT_NFQUEUE-m),$(LINUX_DIR)/net/$(mod).ko)
+ AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NFQUEUE-m)))
+ $(call AddDepends/ipt,+kmod-nfnetlink-queue)
+endef
+
+define KernelPackage/ipt-nfqueue/description
+ Netfilter module for user-space packet queuing
+ Includes:
+ - NFQUEUE
+endef
+
+$(eval $(call KernelPackage,ipt-nfqueue))
+
+
 define KernelPackage/ipt-debug
 TITLE:=Module for debugging/development
 KCONFIG:=$(KCONFIG_IPT_DEBUG)
@@ -530,10 +564,10 @@
 define KernelPackage/nfnetlink
 SUBMENU:=$(NF_MENU)
 TITLE:=Netlink-based userspace interface
- DEPENDS:=+kmod-ipt-core
- FILES:=$(LINUX_DIR)/net/netfilter/nfnetlink.ko
- KCONFIG:=CONFIG_NETFILTER_NETLINK
- AUTOLOAD:=$(call AutoProbe,nfnetlink)
+ FILES:=$(foreach mod,$(NFNETLINK-m),$(LINUX_DIR)/net/$(mod).ko)
+ KCONFIG:=$(KCONFIG_NFNETLINK)
+ AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK-m)))
+ $(call AddDepends/ipt)
 endef
 define KernelPackage/nfnetlink/description
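Review bot: The `KernelPackage/ipt-nfqueue/description` added in the `@@ -278,6 +278,40 @@` hunk does not say that NFQUEUE hands the verdict to a userspace program. By default a packet queued to a number with no listener bound is dropped, and only rules using `--queue-bypass` let it through. I would add a line to the description such as `Needs a userspace listener on the queue; without one, queued packets are dropped unless the rule uses --queue-bypass`. The `ipt-nflog` description has the matching gap, since records sent to a group nobody is bound to are not logged anywhere, so `Needs a userspace logger bound to the NFLOG group` is worth stating there.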
@@ -551,14 +585,16 @@
 define KernelPackage/nfnetlink-log
 TITLE:=Netfilter LOG over NFNETLINK interface
- FILES:=$(LINUX_DIR)/net/netfilter/nfnetlink_log.ko
- KCONFIG:=CONFIG_NETFILTER_NETLINK_LOG
- AUTOLOAD:=$(call AutoProbe,nfnetlink_log)
+ FILES:=$(foreach mod,$(NFNETLINK_LOG-m),$(LINUX_DIR)/net/$(mod).ko)
+ KCONFIG:=$(KCONFIG_NFNETLINK_LOG)
+ AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK_LOG-m)))
 $(call AddDepends/nfnetlink)
 endef
 define KernelPackage/nfnetlink-log/description
 Kernel modules support for logging packets via NFNETLINK
+ Includes:
+ - NFLOG
 endef
 $(eval $(call KernelPackage,nfnetlink-log))
@@ -566,14 +602,16 @@
 define KernelPackage/nfnetlink-queue
 TITLE:=Netfilter QUEUE over NFNETLINK interface
- FILES:=$(LINUX_DIR)/net/netfilter/nfnetlink_queue.ko
- KCONFIG:=CONFIG_NETFILTER_NETLINK_QUEUE
- AUTOLOAD:=$(call AutoProbe,nfnetlink_queue)
+ FILES:=$(foreach mod,$(NFNETLINK_QUEUE-m),$(LINUX_DIR)/net/$(mod).ko)
+ KCONFIG:=$(KCONFIG_NFNETLINK_QUEUE)
+ AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK_QUEUE-m)))
 $(call AddDepends/nfnetlink)
 endef
 define KernelPackage/nfnetlink-queue/description
 Kernel modules support for queueing packets via NFNETLINK
+ Includes:
+ - NFQUEUE
 endef
 $(eval $(call KernelPackage,nfnetlink-queue))
Modified: trunk/package/network/utils/iptables/Makefile
===================================================================
--- trunk/package/network/utils/iptables/Makefile 2014-08-06 22:02:14 UTC (rev 42021)
+++ trunk/package/network/utils/iptables/Makefile 2014-08-07 04:42:22 UTC (rev 42022)
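Review bot: The `Includes: - NFLOG` lines added to `KernelPackage/nfnetlink-log/description` name the iptables target, but this package's `FILES` line resolves to the `NFNETLINK_LOG` group, i.e. `nfnetlink_log`. The target itself is packaged as `ipt-nflog` in the same file, whose description has the identical Includes section. The `@@ -566,14 +602,16 @@` hunk does the same with `- NFQUEUE` for `nfnetlink-queue`. I would list what each package ships, `- nfnetlink_log` and `- nfnetlink_queue`, so the transport packages and the target packages can be told apart.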
@@ -194,6 +194,32 @@
 endef
+define Package/iptables-mod-nflog
+$(call Package/iptables/Module, +kmod-nfnetlink-log)
+ TITLE:=Netfilter NFLOG target
+endef
+
+define Package/iptables-mod-nflog/description
+ iptables extension for user-space logging via NFNETLINK.
+
+ Includes:
+ - libxt_NFLOG
+
+endef
+
+define Package/iptables-mod-nfqueue
+$(call Package/iptables/Module, +kmod-nfnetlink-queue)
+ TITLE:=Netfilter NFQUEUE target
+endef
+
+define Package/iptables-mod-nfqueue/description
+ iptables extension for user-space queuing via NFNETLINK.
+
+ Includes:
+ - libxt_NFQUEUE
+
+endef
+
 define Package/iptables-mod-hashlimit
 $(call Package/iptables/Module, +kmod-ipt-hashlimit)
 TITLE:=hashlimit matching
@@ -469,6 +495,8 @@
 $(eval $(call BuildPlugin,iptables-mod-tproxy,$(IPT_TPROXY-m)))
 $(eval $(call BuildPlugin,iptables-mod-tee,$(IPT_TEE-m)))
 $(eval $(call BuildPlugin,iptables-mod-u32,$(IPT_U32-m)))
+$(eval $(call BuildPlugin,iptables-mod-nflog,$(IPT_NFLOG-m)))
+$(eval $(call BuildPlugin,iptables-mod-nfqueue,$(IPT_NFQUEUE-m)))
 $(eval $(call BuildPackage,ip6tables))
 $(eval $(call BuildPlugin,ip6tables-extra,$(IPT_IPV6_EXTRA-m)))
 $(eval $(call BuildPlugin,ip6tables-mod-nat,$(IPT_NAT6-m)))
_______________________________________________ openwrt-commits mailing list [email protected] https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-commits
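Review bot: `Package/iptables-mod-nflog` depends on `+kmod-nfnetlink-log` and `Package/iptables-mod-nfqueue` on `+kmod-nfnetlink-queue`, so installing the userspace extension does not pull in `kmod-ipt-nflog` / `kmod-ipt-nfqueue`, the packages this same commit adds to carry `xt_NFLOG` and `xt_NFQUEUE`. The neighbouring `iptables-mod-hashlimit` depends on its `kmod-ipt-*` counterpart, and the new kmod-ipt packages already depend on the nfnetlink ones. I would therefore write `$(call Package/iptables/Module, +kmod-ipt-nflog)` and `$(call Package/iptables/Module, +kmod-ipt-nfqueue)`. As it stands, a rule using either target would presumably be rejected on a system where only the iptables-mod package was selected.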
