Hello, new developer here, open to advice https://dev.openwrt.org/ticket/9969
Describe Changes: The included patch creates a menu item for iptables targets NFLOG and NFQUEUE. NFLOG is the successor to ULOG, while NFQUEUE allows userspace packet filtering. Selecting the iptables target enables the kernel modules necessary for netfilter to support these targets. Signed-off-by: Derek LaHousse <dlaho...@mtu.edu> --- diff --git a/include/netfilter.mk b/include/netfilter.mk index 305f28e..a8c0860 100644 --- a/include/netfilter.mk +++ b/include/netfilter.mk @@ -241,6 +241,21 @@ $(eval $(call nf_add,IPT_TEE,CONFIG_NETFILTER_XT_TARGET_TEE, $(P_XT)xt_TEE)) $(eval $(call nf_add,IPT_U32,CONFIG_NETFILTER_XT_MATCH_U32, (P_XT)xt_u32)) + +# netlink + +$(eval $(call nf_add,NFNETLINK,CONFIG_NETFILTER_NETLINK, $(P_XT)nfnetlink)) + +# nflog + +$(eval $(call nf_add,NFNETLINK_LOG,CONFIG_NETFILTER_NETLINK_LOG, $(P_XT)nfnetlink_log)) +$(eval $(call nf_add,NFNETLINK_LOG,CONFIG_NETFILTER_XT_TARGET_NFLOG, $(P_XT)xt_NFLOG)) + +# nfqueue + +$(eval $(call nf_add,NFNETLINK_QUEUE,CONFIG_NETFILTER_NETLINK_QUEUE, $(P_XT)nfnetlink_queue)) +$(eval $(call nf_add,NFNETLINK_QUEUE,CONFIG_NETFILTER_XT_TARGET_NFQUEUE, $(P_XT)xt_NFQUEUE)) + # # ebtables # @@ -295,6 +310,9 @@ IPT_BUILTIN += $(IPT_NATHELPER_EXTRA-y) IPT_BUILTIN += $(IPT_ULOG-y) IPT_BUILTIN += $(IPT_DEBUG-y) IPT_BUILTIN += $(IPT_TPROXY-y) +IPT_BUILTIN += $(NFNETLINK-y) +IPT_BUILTIN += $(NFNETLINK_LOG-y) +IPT_BUILTIN += $(NFNETLINK_QUEUE-y) IPT_BUILTIN += $(EBTABLES-y) IPT_BUILTIN += $(EBTABLES_IP4-y) IPT_BUILTIN += $(EBTABLES_IP6-y) diff --git a/package/kernel/linux/modules/netfilter.mk b/package/kernel/linux/modules/netfilter.mk index 7509ced..9dc8ac4 100644 --- a/package/kernel/linux/modules/netfilter.mk +++ b/package/kernel/linux/modules/netfilter.mk @@ -515,10 +515,10 @@ $(eval $(call KernelPackage,ebtables-watchers)) define KernelPackage/nfnetlink SUBMENU:=$(NF_MENU) TITLE:=Netlink-based userspace interface - DEPENDS:=+kmod-ipt-core - FILES:=$(LINUX_DIR)/net/netfilter/nfnetlink.ko - KCONFIG:=CONFIG_NETFILTER_NETLINK - AUTOLOAD:=$(call AutoProbe,nfnetlink) + FILES:=$(foreach mod,$(NFNETLINK-m),$(LINUX_DIR)/net/$(mod).ko) + KCONFIG:=$(KCONFIG_NFNETLINK) + AUTOLOAD:=$(call AutoProbe,$(NFNETLINK-m)) + $(call AddDepends/ipt) endef define KernelPackage/nfnetlink/description @@ -536,14 +536,16 @@ endef define KernelPackage/nfnetlink-log TITLE:=Netfilter LOG over NFNETLINK interface - FILES:=$(LINUX_DIR)/net/netfilter/nfnetlink_log.ko - KCONFIG:=CONFIG_NETFILTER_NETLINK_LOG - AUTOLOAD:=$(call AutoProbe,nfnetlink_log) + FILES:=$(foreach mod,$(NFNETLINK_LOG-m),$(LINUX_DIR)/net/$(mod).ko) + KCONFIG:=$(KCONFIG_NFNETLINK_LOG) + AUTOLOAD:=$(call AutoLoad,45,$(notdir $(NFNETLINK_LOG-m))) $(call AddDepends/nfnetlink) endef define KernelPackage/nfnetlink-log/description Kernel modules support for logging packets via NFNETLINK + Includes: + - NFLOG endef $(eval $(call KernelPackage,nfnetlink-log)) @@ -551,14 +553,16 @@ $(eval $(call KernelPackage,nfnetlink-log)) define KernelPackage/nfnetlink-queue TITLE:=Netfilter QUEUE over NFNETLINK interface - FILES:=$(LINUX_DIR)/net/netfilter/nfnetlink_queue.ko - KCONFIG:=CONFIG_NETFILTER_NETLINK_QUEUE - AUTOLOAD:=$(call AutoProbe,nfnetlink_queue) + FILES:=$(foreach mod,$(NFNETLINK_QUEUE-m),$(LINUX_DIR)/net/$(mod).ko) + KCONFIG:=$(KCONFIG_NFNETLINK_QUEUE) + AUTOLOAD:=$(call AutoLoad,45,$(notdir $(NFNETLINK_QUEUE-m))) $(call AddDepends/nfnetlink) endef define KernelPackage/nfnetlink-queue/description Kernel modules support for queueing packets via NFNETLINK + Includes: + - NFQUEUE endef $(eval $(call KernelPackage,nfnetlink-queue)) diff --git a/package/network/utils/iptables/Makefile b/package/network/utils/iptables/Makefile index 35dda06..ad98aa5 100644 --- a/package/network/utils/iptables/Makefile +++ b/package/network/utils/iptables/Makefile @@ -193,6 +193,32 @@ iptables extensions for user-space packet logging. endef +define Package/iptables-mod-nflog +$(call Package/iptables/Module, +kmod-nfnetlink-log) + TITLE:=Netfilter NFLOG target +endef + +define Package/iptables-mod-nflog/description + iptables extension for user-space logging via NFNETLINK. + + Includes: + - libxt_NFLOG + +endef + +define Package/iptables-mod-nfqueue +$(call Package/iptables/Module, +kmod-nfnetlink-queue) + TITLE:=Netfilter NFQUEUE target +endef + +define Package/iptables-mod-nfqueue/description + iptables extension for user-space queuing via NFNETLINK. + + Includes: + - libxt_NFQUEUE + +endef + define Package/iptables-mod-hashlimit $(call Package/iptables/Module, +kmod-ipt-hashlimit) TITLE:=hashlimit matching @@ -457,6 +483,8 @@ $(eval $(call BuildPlugin,iptables-mod-led,$(IPT_LED-m))) $(eval $(call BuildPlugin,iptables-mod-tproxy,$(IPT_TPROXY-m))) $(eval $(call BuildPlugin,iptables-mod-tee,$(IPT_TEE-m))) $(eval $(call BuildPlugin,iptables-mod-u32,$(IPT_U32-m))) +$(eval $(call BuildPlugin,iptables-mod-nflog,$(NFNETLINK_LOG-m))) +$(eval $(call BuildPlugin,iptables-mod-nfqueue,$(NFNETLINK_QUEUE-m))) $(eval $(call BuildPackage,ip6tables)) $(eval $(call BuildPlugin,ip6tables-mod-nat,$(IPT_NAT6-m))) $(eval $(call BuildPackage,libiptc)) _______________________________________________ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
