Hi Fabian, I already reverted the change on libnetfilter-* libraries and added the missing netfilter netlink interface modules in 8.09. I'll add the missing NFLOG & NFQUEUE kernel and userland support later.
Thanks! -- Nico Fabian Hugelshofer wrote: > Hi all, > > To use the Netfilter NFLOG and NFQUEUE targets, kernel modules and > iptables libraries xt_NFLOG and xt_NFQUEUE are needed. I added these to > the corresponding Netfilter kernel packages and created new iptables > module packages. > > This patch also adds support for connection tracking events for module > nf_ct_netlink. > > Changeset 15335 removes packages libnetfilter-conntrack, > libnetfilter-log and libnetfilter-queue from 8.09 because the kernel > modules do not exist in 8.09. Please consider reverting this change. I > have been using these packages already before the kernel packages were > added. > > Cheers, > > Fabian > > > [PATCH] Extend Netfilter Netlink packages > > - Add kernel modules for NFLOG and NFQUEUE targets > - Add packages for iptables NFLOG and NFQUEUE libraries > - Enable connection tracking events for ctnetlink > - Increase priority for the Netlink modules to 49 (nfnetlink is loaded > at 48). > - Update Copyright > > Signed-off-by: hugelshofer2...@gmx.ch > > Index: include/netfilter.mk > =================================================================== > --- include/netfilter.mk (revision 15354) > +++ include/netfilter.mk (working copy) > @@ -1,5 +1,5 @@ > # > -# Copyright (C) 2006-2008 OpenWrt.org > +# Copyright (C) 2006-2009 OpenWrt.org > # > # This is free software, licensed under the GNU General Public License v2. > # See /LICENSE for more information. > @@ -275,6 +275,18 @@ > $(eval $(call nf_add,IPT_ULOG,CONFIG_IP_NF_TARGET_ULOG, $(P_V4)ipt_ULOG)) > > > +#nfnetfilter log > + > +$(eval $(call nf_add,NFNETLINK_LOG,CONFIG_NETFILTER_NETLINK_LOG, > $(P_XT)nfnetlink_log)) > +$(eval $(call nf_add,NFNETLINK_LOG,CONFIG_NETFILTER_XT_TARGET_NFLOG, > $(P_XT)xt_NFLOG)) > + > + > +# nfnetfilter queue > + > +$(eval $(call nf_add,NFNETLINK_QUEUE,CONFIG_NETFILTER_NETLINK_QUEUE, > $(P_XT)nfnetlink_queue)) > +$(eval $(call nf_add,NFNETLINK_QUEUE,CONFIG_NETFILTER_XT_TARGET_NFQUEUE, > $(P_XT)xt_NFQUEUE)) > + > + > # userland only > IPT_BUILTIN += $(IPT_CORE-y) $(IPT_CORE-m) > IPT_BUILTIN += $(IPT_CONNTRACK-y) > @@ -292,5 +304,7 @@ > IPT_BUILTIN += $(IPT_NATHELPER-y) > IPT_BUILTIN += $(IPT_NATHELPER_EXTRA-y) > IPT_BUILTIN += $(IPT_ULOG-y) > +IPT_BUILTIN += $(NFNETLINK_LOG-y) > +IPT_BUILTIN += $(NFNETLINK_QUEUE-y) > > endif # __inc_netfilter > Index: package/iptables/Makefile > =================================================================== > --- package/iptables/Makefile (revision 15354) > +++ package/iptables/Makefile (working copy) > @@ -1,5 +1,5 @@ > # > -# Copyright (C) 2006-2008 OpenWrt.org > +# Copyright (C) 2006-2009 OpenWrt.org > # > # This is free software, licensed under the GNU General Public License v2. > # See /LICENSE for more information. > @@ -217,6 +217,28 @@ > TITLE:=IPset extension > endef > > +define Package/iptables-mod-nflog > +$(call Package/iptables/Module, +kmod-nfnetlink-log) > + TITLE:=NFLOG Target > +endef > + > +define Package/iptables-mod-nfqueue/description > + iptables extensions for user-space packet logging via NFNETLINK. > + Includes: > + - libxt_NFLOG > +endef > + > +define Package/iptables-mod-nfqueue > +$(call Package/iptables/Module, +kmod-nfnetlink-queue) > + TITLE:=NFQUEUE Target > +endef > + > +define Package/iptables-mod-nfqueue/description > + iptables extensions for user-space packet queueing via NFNETLINK. > + Includes: > + - libxt_NFQUEUE > +endef > + > define Package/iptables-utils > $(call Package/iptables/Module, ) > TITLE:=iptables save and restore utilities > @@ -339,5 +361,7 @@ > $(eval $(call BuildPlugin,iptables-mod-nat-extra,$(IPT_NAT_EXTRA-m))) > $(eval $(call BuildPlugin,iptables-mod-iprange,$(IPT_IPRANGE-m))) > $(eval $(call BuildPlugin,iptables-mod-ulog,$(IPT_ULOG-m))) > +$(eval $(call BuildPlugin,iptables-mod-nflog,$(NFNETLINK_LOG-m))) > +$(eval $(call BuildPlugin,iptables-mod-nfqueue,$(NFNETLINK_QUEUE-m))) > $(eval $(call BuildPackage,ip6tables)) > $(eval $(call BuildPackage,ip6tables-utils)) > Index: package/kernel/modules/netfilter.mk > =================================================================== > --- package/kernel/modules/netfilter.mk (revision 15354) > +++ package/kernel/modules/netfilter.mk (working copy) > @@ -1,5 +1,5 @@ > # > -# Copyright (C) 2006-2008 OpenWrt.org > +# Copyright (C) 2006-2009 OpenWrt.org > # > # This is free software, licensed under the GNU General Public License v2. > # See /LICENSE for more information. > @@ -417,13 +417,16 @@ > SUBMENU:=$(NF_MENU) > TITLE:=Netfilter LOG over NFNETLINK interface > DEPENDS:=...@linux_2_6 +kmod-nfnetlink > - FILES:=$(LINUX_DIR)/net/netfilter/nfnetlink_log.$(LINUX_KMOD_SUFFIX) > - KCONFIG:=CONFIG_NETFILTER_NETLINK_LOG > - AUTOLOAD:=$(call AutoLoad,48,nfnetlink_log) > + KCONFIG:=$(KCONFIG_NFNETLINK_LOG) > + FILES:=$(foreach > mod,$(NFNETLINK_LOG-m),$(LINUX_DIR)/net/$(mod).$(LINUX_KMOD_SUFFIX)) > + AUTOLOAD:=$(call AutoLoad,49,$(notdir $(NFNETLINK_LOG-m))) > endef > > define KernelPackage/nfnetlink-log/description > Kernel modules support for logging packets via NFNETLINK > + Includes: > + - nfnetlink_log > + - xt_NFLOG > endef > > $(eval $(call KernelPackage,nfnetlink-log)) > @@ -433,13 +436,16 @@ > SUBMENU:=$(NF_MENU) > TITLE:=Netfilter QUEUE over NFNETLINK interface > DEPENDS:=...@linux_2_6 +kmod-nfnetlink > - FILES:=$(LINUX_DIR)/net/netfilter/nfnetlink_queue.$(LINUX_KMOD_SUFFIX) > - KCONFIG:=CONFIG_NETFILTER_NETLINK_QUEUE > - AUTOLOAD:=$(call AutoLoad,48,nfnetlink_queue) > + KCONFIG:=$(KCONFIG_NFNETLINK_QUEUE) > + FILES:=$(foreach > mod,$(NFNETLINK_QUEUE-m),$(LINUX_DIR)/net/$(mod).$(LINUX_KMOD_SUFFIX)) > + AUTOLOAD:=$(call AutoLoad,49,$(notdir $(NFNETLINK_QUEUE-m))) > endef > > define KernelPackage/nfnetlink-queue/description > Kernel modules support for queueing packets via NFNETLINK > + Includes: > + - nfnetlink_queue > + - xt_NFQUEUE > endef > > $(eval $(call KernelPackage,nfnetlink-queue)) > @@ -450,7 +456,8 @@ > TITLE:=Connection tracking netlink interface > DEPENDS:=...@linux_2_6 +kmod-nfnetlink +kmod-ipt-conntrack > FILES:=$(LINUX_DIR)/net/netfilter/nf_conntrack_netlink.$(LINUX_KMOD_SUFFIX) > - KCONFIG:=CONFIG_NF_CT_NETLINK > + KCONFIG:=CONFIG_NF_CT_NETLINK \ > + CONFIG_NF_CONNTRACK_EVENTS=y > AUTOLOAD:=$(call AutoLoad,49,nf_conntrack_netlink) > endef > > > _______________________________________________ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
