On Aug 6, 2014 10:55 PM, "Althaff Mohideen" <althaff_mohid...@yahoo.com> wrote: > > I had just added it through kernel_menuconfig today. > > ->Networking support > -> Network Options > -> Network packet filtering framework (Netfilter) > -> Core Netfilter configuration > -> Netfilter NFQUEUE over NFNETLINK interface (ACTIVATE) -> "NFQUEUE" target support (ACTIVATE) > > > This patch will indeed help in the future. > > Please advice (instruction) on how to include a patch for the people who are using SDK to cross-compile.
According to the description on wiki [1] only userspace applications can be modified and compiled with OpenWrt SDK. [1] http://wiki.openwrt.org/doc/howto/obtain.firmware.sdk Regards, yousong > > Thanking you ever much, > > Best Regards, > > Mohideen > > > > On Wednesday, August 6, 2014 1:58 PM, Yousong Zhou <yszhou4t...@gmail.com> wrote: > > > Hello, > > On 7 November 2013 00:47, Derek LaHousse <dlaho...@mtu.edu> wrote: > > Hello, new developer here, open to advice > > > > https://dev.openwrt.org/ticket/9969 > > > > Describe Changes: > > The included patch creates a menu item for iptables targets NFLOG and > > NFQUEUE. NFLOG is the successor to ULOG, while NFQUEUE allows userspace > > packet filtering. Selecting the iptables target enables the kernel > > modules necessary for netfilter to support these targets. > > I am using NFLOG target with this patch and it worked. It would be > great if this can be merged into OpenWrt. > > > Regards. > > yousong > > > > > Signed-off-by: Derek LaHousse <dlaho...@mtu.edu> > > --- > > > > diff --git a/include/netfilter.mk b/include/netfilter.mk > > index 305f28e..a8c0860 100644 > > --- a/include/netfilter.mk > > +++ b/include/netfilter.mk > > @@ -241,6 +241,21 @@ $(eval $(call nf_add,IPT_TEE,CONFIG_NETFILTER_XT_TARGET_TEE, $(P_XT)xt_TEE)) > > > > $(eval $(call nf_add,IPT_U32,CONFIG_NETFILTER_XT_MATCH_U32, (P_XT)xt_u32)) > > > > + > > +# netlink > > + > > +$(eval $(call nf_add,NFNETLINK,CONFIG_NETFILTER_NETLINK, $(P_XT)nfnetlink)) > > + > > +# nflog > > + > > +$(eval $(call nf_add,NFNETLINK_LOG,CONFIG_NETFILTER_NETLINK_LOG, $(P_XT)nfnetlink_log)) > > +$(eval $(call nf_add,NFNETLINK_LOG,CONFIG_NETFILTER_XT_TARGET_NFLOG, $(P_XT)xt_NFLOG)) > > + > > +# nfqueue > > + > > +$(eval $(call nf_add,NFNETLINK_QUEUE,CONFIG_NETFILTER_NETLINK_QUEUE, $(P_XT)nfnetlink_queue)) > > +$(eval $(call nf_add,NFNETLINK_QUEUE,CONFIG_NETFILTER_XT_TARGET_NFQUEUE, $(P_XT)xt_NFQUEUE)) > > + > > # > > # ebtables > > # > > @@ -295,6 +310,9 @@ IPT_BUILTIN += $(IPT_NATHELPER_EXTRA-y) > > IPT_BUILTIN += $(IPT_ULOG-y) > > IPT_BUILTIN += $(IPT_DEBUG-y) > > IPT_BUILTIN += $(IPT_TPROXY-y) > > +IPT_BUILTIN += $(NFNETLINK-y) > > +IPT_BUILTIN += $(NFNETLINK_LOG-y) > > +IPT_BUILTIN += $(NFNETLINK_QUEUE-y) > > IPT_BUILTIN += $(EBTABLES-y) > > IPT_BUILTIN += $(EBTABLES_IP4-y) > > IPT_BUILTIN += $(EBTABLES_IP6-y) > > diff --git a/package/kernel/linux/modules/netfilter.mk b/package/kernel/linux/modules/netfilter.mk > > index 7509ced..9dc8ac4 100644 > > --- a/package/kernel/linux/modules/netfilter.mk > > +++ b/package/kernel/linux/modules/netfilter.mk > > @@ -515,10 +515,10 @@ $(eval $(call KernelPackage,ebtables-watchers)) > > define KernelPackage/nfnetlink > > SUBMENU:=$(NF_MENU) > > TITLE:=Netlink-based userspace interface > > - DEPENDS:=+kmod-ipt-core > > - FILES:=$(LINUX_DIR)/net/netfilter/nfnetlink.ko > > - KCONFIG:=CONFIG_NETFILTER_NETLINK > > - AUTOLOAD:=$(call AutoProbe,nfnetlink) > > + FILES:=$(foreach mod,$(NFNETLINK-m),$(LINUX_DIR)/net/$(mod).ko) > > + KCONFIG:=$(KCONFIG_NFNETLINK) > > + AUTOLOAD:=$(call AutoProbe,$(NFNETLINK-m)) > > + $(call AddDepends/ipt) > > endef > > > > define KernelPackage/nfnetlink/description > > @@ -536,14 +536,16 @@ endef > > > > define KernelPackage/nfnetlink-log > > TITLE:=Netfilter LOG over NFNETLINK interface > > - FILES:=$(LINUX_DIR)/net/netfilter/nfnetlink_log.ko > > - KCONFIG:=CONFIG_NETFILTER_NETLINK_LOG > > - AUTOLOAD:=$(call AutoProbe,nfnetlink_log) > > + FILES:=$(foreach mod,$(NFNETLINK_LOG-m),$(LINUX_DIR)/net/$(mod).ko) > > + KCONFIG:=$(KCONFIG_NFNETLINK_LOG) > > + AUTOLOAD:=$(call AutoLoad,45,$(notdir $(NFNETLINK_LOG-m))) > > $(call AddDepends/nfnetlink) > > endef > > > > define KernelPackage/nfnetlink-log/description > > Kernel modules support for logging packets via NFNETLINK > > + Includes: > > + - NFLOG > > endef > > > > $(eval $(call KernelPackage,nfnetlink-log)) > > @@ -551,14 +553,16 @@ $(eval $(call KernelPackage,nfnetlink-log)) > > > > define KernelPackage/nfnetlink-queue > > TITLE:=Netfilter QUEUE over NFNETLINK interface > > - FILES:=$(LINUX_DIR)/net/netfilter/nfnetlink_queue.ko > > - KCONFIG:=CONFIG_NETFILTER_NETLINK_QUEUE > > - AUTOLOAD:=$(call AutoProbe,nfnetlink_queue) > > + FILES:=$(foreach mod,$(NFNETLINK_QUEUE-m),$(LINUX_DIR)/net/$(mod).ko) > > + KCONFIG:=$(KCONFIG_NFNETLINK_QUEUE) > > + AUTOLOAD:=$(call AutoLoad,45,$(notdir $(NFNETLINK_QUEUE-m))) > > $(call AddDepends/nfnetlink) > > endef > > > > define KernelPackage/nfnetlink-queue/description > > Kernel modules support for queueing packets via NFNETLINK > > + Includes: > > + - NFQUEUE > > endef > > > > $(eval $(call KernelPackage,nfnetlink-queue)) > > diff --git a/package/network/utils/iptables/Makefile b/package/network/utils/iptables/Makefile > > index 35dda06..ad98aa5 100644 > > --- a/package/network/utils/iptables/Makefile > > +++ b/package/network/utils/iptables/Makefile > > @@ -193,6 +193,32 @@ iptables extensions for user-space packet logging. > > > > endef > > > > +define Package/iptables-mod-nflog > > +$(call Package/iptables/Module, +kmod-nfnetlink-log) > > + TITLE:=Netfilter NFLOG target > > +endef > > + > > +define Package/iptables-mod-nflog/description > > + iptables extension for user-space logging via NFNETLINK. > > + > > + Includes: > > + - libxt_NFLOG > > + > > +endef > > + > > +define Package/iptables-mod-nfqueue > > +$(call Package/iptables/Module, +kmod-nfnetlink-queue) > > + TITLE:=Netfilter NFQUEUE target > > +endef > > + > > +define Package/iptables-mod-nfqueue/description > > + iptables extension for user-space queuing via NFNETLINK. > > + > > + Includes: > > + - libxt_NFQUEUE > > + > > +endef > > + > > define Package/iptables-mod-hashlimit > > $(call Package/iptables/Module, +kmod-ipt-hashlimit) > > TITLE:=hashlimit matching > > @@ -457,6 +483,8 @@ $(eval $(call BuildPlugin,iptables-mod-led,$(IPT_LED-m))) > > $(eval $(call BuildPlugin,iptables-mod-tproxy,$(IPT_TPROXY-m))) > > $(eval $(call BuildPlugin,iptables-mod-tee,$(IPT_TEE-m))) > > $(eval $(call BuildPlugin,iptables-mod-u32,$(IPT_U32-m))) > > +$(eval $(call BuildPlugin,iptables-mod-nflog,$(NFNETLINK_LOG-m))) > > +$(eval $(call BuildPlugin,iptables-mod-nfqueue,$(NFNETLINK_QUEUE-m))) > > $(eval $(call BuildPackage,ip6tables)) > > $(eval $(call BuildPlugin,ip6tables-mod-nat,$(IPT_NAT6-m))) > > $(eval $(call BuildPackage,libiptc)) > > _______________________________________________ > > openwrt-devel mailing list > > openwrt-devel@lists.openwrt.org > > https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel > _______________________________________________ > openwrt-devel mailing list > openwrt-devel@lists.openwrt.org > https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel > >
_______________________________________________ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
