Changeset 42022


Timestamp:
2014-08-07T06:42:22+02:00 (3 years ago)
Author:
cyrus
Message:

iptables: NFLOG and NFQUEUE targets' full support

NFLOG and NFQUEUE targets' full support for iptables.

Includes all needed kernel modules (Xtables's and Netlink's)

and userspace libraries.

All added kernel modules can be individually disabled,

all other new libraries get their own individual packages.

Reported-by: Fabian Hugelshofer <hugelshofer2006@…>
Reported-by: Rainer Poisel <rainer.poisel@…>
Reported-by: Derek LaHousse <dlahouss@…>
Signed-off-by: Guillaume Déflache <guillaume.deflache@…>

Location:
trunk
Files:
3 edited

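--- a/trunk/include/netfilter.mk
+++ b/trunk/include/netfilter.mk
@@ -226,4 +226,14 @@
 
 
+# nflog
+
+$(eval $(call nf_add,IPT_NFLOG,CONFIG_NETFILTER_XT_TARGET_NFLOG, $(P_XT)xt_NFLOG))
+
+
+# nfqueue
+
+$(eval $(call nf_add,IPT_NFQUEUE,CONFIG_NETFILTER_XT_TARGET_NFQUEUE, $(P_XT)xt_NFQUEUE))
+
+
 # debugging
 
@@ -245,4 +255,17 @@
 
 $(eval $(call nf_add,IPT_U32,CONFIG_NETFILTER_XT_MATCH_U32, $(P_XT)xt_u32))
+
+
+# netlink
+
+$(eval $(call nf_add,NFNETLINK,CONFIG_NETFILTER_NETLINK, $(P_XT)nfnetlink))
+
+# nflog
+
+$(eval $(call nf_add,NFNETLINK_LOG,CONFIG_NETFILTER_NETLINK_LOG, $(P_XT)nfnetlink_log))
+
+# nfqueue
+
+$(eval $(call nf_add,NFNETLINK_QUEUE,CONFIG_NETFILTER_NETLINK_QUEUE, $(P_XT)nfnetlink_queue))
 
 #
@@ -280,4 +303,5 @@
 $(eval $(call nf_add,EBTABLES_WATCHERS,CONFIG_BRIDGE_EBT_ULOG, $(P_EBT)ebt_ulog))
 $(eval $(call nf_add,EBTABLES_WATCHERS,CONFIG_BRIDGE_EBT_NFLOG, $(P_EBT)ebt_nflog))
+$(eval $(call nf_add,EBTABLES_WATCHERS,CONFIG_BRIDGE_EBT_NFQUEUE, $(P_EBT)ebt_nfqueue))
 
 
@@ -300,4 +324,7 @@
 IPT_BUILTIN += $(IPT_DEBUG-y)
 IPT_BUILTIN += $(IPT_TPROXY-y)
+IPT_BUILTIN += $(NFNETLINK-y)
+IPT_BUILTIN += $(NFNETLINK_LOG-y)
+IPT_BUILTIN += $(NFNETLINK_QUEUE-y)
 IPT_BUILTIN += $(EBTABLES-y)
 IPT_BUILTIN += $(EBTABLES_IP4-y)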
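Review bot: The IPT_BUILTIN additions at new lines 326-328 cover NFNETLINK, NFNETLINK_LOG and NFNETLINK_QUEUE, but nothing in the visible hunks appends `$(IPT_NFLOG-y)` or `$(IPT_NFQUEUE-y)`, unlike the neighbouring `IPT_DEBUG-y` and `IPT_TPROXY-y` groups. If IPT_BUILTIN is what selects the extensions shipped with the base iptables package when the kernel option is `=y` (its consumer is not on this page), a kernel with the NFLOG/NFQUEUE targets built in would get neither a built-in extension nor a non-empty plugin package. Consider adding `IPT_BUILTIN += $(IPT_NFLOG-y)` and `IPT_BUILTIN += $(IPT_NFQUEUE-y)` next to the new lines. The rest of the IPT_BUILTIN list lies outside the hunk, so confirm against the full file.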
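--- a/trunk/package/kernel/linux/modules/netfilter.mk
+++ b/trunk/package/kernel/linux/modules/netfilter.mk
@@ -279,4 +279,38 @@
 
 
+define KernelPackage/ipt-nflog
+  TITLE:=Module for user-space packet logging
+  KCONFIG:=$(KCONFIG_IPT_NFLOG)
+  FILES:=$(foreach mod,$(IPT_NFLOG-m),$(LINUX_DIR)/net/$(mod).ko)
+  AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NFLOG-m)))
+  $(call AddDepends/ipt,+kmod-nfnetlink-log)
+endef
+
+define KernelPackage/ipt-nflog/description
+ Netfilter module for user-space packet logging
+ Includes:
+ - NFLOG
+endef
+
+$(eval $(call KernelPackage,ipt-nflog))
+
+
+define KernelPackage/ipt-nfqueue
+  TITLE:=Module for user-space packet queuing
+  KCONFIG:=$(KCONFIG_IPT_NFQUEUE)
+  FILES:=$(foreach mod,$(IPT_NFQUEUE-m),$(LINUX_DIR)/net/$(mod).ko)
+  AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NFQUEUE-m)))
+  $(call AddDepends/ipt,+kmod-nfnetlink-queue)
+endef
+
+define KernelPackage/ipt-nfqueue/description
+ Netfilter module for user-space packet queuing
+ Includes:
+ - NFQUEUE
+endef
+
+$(eval $(call KernelPackage,ipt-nfqueue))
+
+
 define KernelPackage/ipt-debug
   TITLE:=Module for debugging/development
@@ -531,8 +565,8 @@
   SUBMENU:=$(NF_MENU)
   TITLE:=Netlink-based userspace interface
-  DEPENDS:=+kmod-ipt-core
-  FILES:=$(LINUX_DIR)/net/netfilter/nfnetlink.ko
-  KCONFIG:=CONFIG_NETFILTER_NETLINK
-  AUTOLOAD:=$(call AutoProbe,nfnetlink)
+  FILES:=$(foreach mod,$(NFNETLINK-m),$(LINUX_DIR)/net/$(mod).ko)
+  KCONFIG:=$(KCONFIG_NFNETLINK)
+  AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK-m)))
+  $(call AddDepends/ipt)
 endef
 
@@ -552,7 +586,7 @@
 define KernelPackage/nfnetlink-log
   TITLE:=Netfilter LOG over NFNETLINK interface
-  FILES:=$(LINUX_DIR)/net/netfilter/nfnetlink_log.ko
-  KCONFIG:=CONFIG_NETFILTER_NETLINK_LOG
-  AUTOLOAD:=$(call AutoProbe,nfnetlink_log)
+  FILES:=$(foreach mod,$(NFNETLINK_LOG-m),$(LINUX_DIR)/net/$(mod).ko)
+  KCONFIG:=$(KCONFIG_NFNETLINK_LOG)
+  AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK_LOG-m)))
   $(call AddDepends/nfnetlink)
 endef
@@ -560,4 +594,6 @@
 define KernelPackage/nfnetlink-log/description
  Kernel modules support for logging packets via NFNETLINK
+ Includes:
+ - NFLOG
 endef
 
@@ -567,7 +603,7 @@
 define KernelPackage/nfnetlink-queue
   TITLE:=Netfilter QUEUE over NFNETLINK interface
-  FILES:=$(LINUX_DIR)/net/netfilter/nfnetlink_queue.ko
-  KCONFIG:=CONFIG_NETFILTER_NETLINK_QUEUE
-  AUTOLOAD:=$(call AutoProbe,nfnetlink_queue)
+  FILES:=$(foreach mod,$(NFNETLINK_QUEUE-m),$(LINUX_DIR)/net/$(mod).ko)
+  KCONFIG:=$(KCONFIG_NFNETLINK_QUEUE)
+  AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK_QUEUE-m)))
   $(call AddDepends/nfnetlink)
 endef
@@ -575,4 +611,6 @@
 define KernelPackage/nfnetlink-queue/description
  Kernel modules support for queueing packets via NFNETLINK
+ Includes:
+ - NFQUEUE
 endef
 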
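Review bot: The descriptions added to `KernelPackage/nfnetlink-log` and `KernelPackage/nfnetlink-queue` list `- NFLOG` and `- NFQUEUE`, the same items the new ipt-nflog and ipt-nfqueue descriptions list. FILES for these two packages now comes from `NFNETLINK_LOG-m` / `NFNETLINK_QUEUE-m`, which include/netfilter.mk in this changeset fills with nfnetlink_log and nfnetlink_queue, while xt_NFLOG and xt_NFQUEUE are registered under IPT_NFLOG / IPT_NFQUEUE. Someone selecting packages for firewall logging can read the text as kmod-nfnetlink-log alone providing the NFLOG target. I would name the shipped module instead, ` - nfnetlink_log` and ` - nfnetlink_queue`, and keep the target names for the ipt-* packages.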
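--- a/trunk/package/network/utils/iptables/Makefile
+++ b/trunk/package/network/utils/iptables/Makefile
@@ -192,4 +192,30 @@
  Targets:
   - ULOG
+
+endef
+
+define Package/iptables-mod-nflog
+$(call Package/iptables/Module, +kmod-nfnetlink-log)
+  TITLE:=Netfilter NFLOG target
+endef
+
+define Package/iptables-mod-nflog/description
+ iptables extension for user-space logging via NFNETLINK.
+
+ Includes:
+  - libxt_NFLOG
+
+endef
+
+define Package/iptables-mod-nfqueue
+$(call Package/iptables/Module, +kmod-nfnetlink-queue)
+  TITLE:=Netfilter NFQUEUE target
+endef
+
+define Package/iptables-mod-nfqueue/description
+ iptables extension for user-space queuing via NFNETLINK.
+
+ Includes:
+  - libxt_NFQUEUE
 
 endef
@@ -470,4 +496,6 @@
 $(eval $(call BuildPlugin,iptables-mod-tee,$(IPT_TEE-m)))
 $(eval $(call BuildPlugin,iptables-mod-u32,$(IPT_U32-m)))
+$(eval $(call BuildPlugin,iptables-mod-nflog,$(IPT_NFLOG-m)))
+$(eval $(call BuildPlugin,iptables-mod-nfqueue,$(IPT_NFQUEUE-m)))
 $(eval $(call BuildPackage,ip6tables))
 $(eval $(call BuildPlugin,ip6tables-extra,$(IPT_IPV6_EXTRA-m)))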
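Review bot: `Package/iptables-mod-nflog` depends only on `+kmod-nfnetlink-log`, and `Package/iptables-mod-nfqueue` only on `+kmod-nfnetlink-queue`, so as far as this page shows neither pulls in the kernel packages that carry the xt_NFLOG / xt_NFQUEUE targets (kmod-ipt-nflog and kmod-ipt-nfqueue, added in modules/netfilter.mk by this changeset). With only the userspace extension and the netlink backend installed, a `-j NFLOG` or `-j NFQUEUE` rule would likely be rejected when loaded, leaving a firewall ruleset that fails to apply or comes up without its logging or inspection rules. Since kmod-ipt-nflog and kmod-ipt-nfqueue already depend on the netlink packages, I would write `$(call Package/iptables/Module, +kmod-ipt-nflog)` and `$(call Package/iptables/Module, +kmod-ipt-nfqueue)`. Package/iptables/Module is defined outside the hunk, so confirm it does not add these dependencies another way.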