mirror of https://github.com/hak5/openwrt-owl.git
iptables: NFLOG and NFQUEUE targets' full support
NFLOG and NFQUEUE targets' full support for iptables. Includes all needed kernel modules (Xtables's and Netlink's) and userspace libraries. All added kernel modules can be individually disabled, all other new libraries get their own individual packages. Reported-by: Fabian Hugelshofer <hugelshofer2006@gmx.ch> Reported-by: Rainer Poisel <rainer.poisel@fhstp.ac.at> Reported-by: Derek LaHousse <dlahouss@mtu.edu> Signed-off-by: Guillaume Déflache <guillaume.deflache@ibwag.com> SVN-Revision: 42022owl
parent
6656292619
commit
9f2a17103f
|
@ -225,6 +225,16 @@ $(eval $(call nf_add,IPT_QUEUE,CONFIG_IP_NF_QUEUE, $(P_V4)ip_queue, lt 3.5.0))
|
||||||
$(eval $(call nf_add,IPT_ULOG,CONFIG_IP_NF_TARGET_ULOG, $(P_V4)ipt_ULOG))
|
$(eval $(call nf_add,IPT_ULOG,CONFIG_IP_NF_TARGET_ULOG, $(P_V4)ipt_ULOG))
|
||||||
|
|
||||||
|
|
||||||
|
# nflog
|
||||||
|
|
||||||
|
$(eval $(call nf_add,IPT_NFLOG,CONFIG_NETFILTER_XT_TARGET_NFLOG, $(P_XT)xt_NFLOG))
|
||||||
|
|
||||||
|
|
||||||
|
# nfqueue
|
||||||
|
|
||||||
|
$(eval $(call nf_add,IPT_NFQUEUE,CONFIG_NETFILTER_XT_TARGET_NFQUEUE, $(P_XT)xt_NFQUEUE))
|
||||||
|
|
||||||
|
|
||||||
# debugging
|
# debugging
|
||||||
|
|
||||||
$(eval $(call nf_add,IPT_DEBUG,CONFIG_NETFILTER_XT_TARGET_TRACE, $(P_XT)xt_TRACE))
|
$(eval $(call nf_add,IPT_DEBUG,CONFIG_NETFILTER_XT_TARGET_TRACE, $(P_XT)xt_TRACE))
|
||||||
|
@ -245,6 +255,19 @@ $(eval $(call nf_add,IPT_TEE,CONFIG_NETFILTER_XT_TARGET_TEE, $(P_XT)xt_TEE))
|
||||||
|
|
||||||
$(eval $(call nf_add,IPT_U32,CONFIG_NETFILTER_XT_MATCH_U32, $(P_XT)xt_u32))
|
$(eval $(call nf_add,IPT_U32,CONFIG_NETFILTER_XT_MATCH_U32, $(P_XT)xt_u32))
|
||||||
|
|
||||||
|
|
||||||
|
# netlink
|
||||||
|
|
||||||
|
$(eval $(call nf_add,NFNETLINK,CONFIG_NETFILTER_NETLINK, $(P_XT)nfnetlink))
|
||||||
|
|
||||||
|
# nflog
|
||||||
|
|
||||||
|
$(eval $(call nf_add,NFNETLINK_LOG,CONFIG_NETFILTER_NETLINK_LOG, $(P_XT)nfnetlink_log))
|
||||||
|
|
||||||
|
# nfqueue
|
||||||
|
|
||||||
|
$(eval $(call nf_add,NFNETLINK_QUEUE,CONFIG_NETFILTER_NETLINK_QUEUE, $(P_XT)nfnetlink_queue))
|
||||||
|
|
||||||
#
|
#
|
||||||
# ebtables
|
# ebtables
|
||||||
#
|
#
|
||||||
|
@ -279,6 +302,7 @@ $(eval $(call nf_add,EBTABLES_IP4,CONFIG_BRIDGE_EBT_SNAT, $(P_EBT)ebt_snat))
|
||||||
$(eval $(call nf_add,EBTABLES_WATCHERS,CONFIG_BRIDGE_EBT_LOG, $(P_EBT)ebt_log))
|
$(eval $(call nf_add,EBTABLES_WATCHERS,CONFIG_BRIDGE_EBT_LOG, $(P_EBT)ebt_log))
|
||||||
$(eval $(call nf_add,EBTABLES_WATCHERS,CONFIG_BRIDGE_EBT_ULOG, $(P_EBT)ebt_ulog))
|
$(eval $(call nf_add,EBTABLES_WATCHERS,CONFIG_BRIDGE_EBT_ULOG, $(P_EBT)ebt_ulog))
|
||||||
$(eval $(call nf_add,EBTABLES_WATCHERS,CONFIG_BRIDGE_EBT_NFLOG, $(P_EBT)ebt_nflog))
|
$(eval $(call nf_add,EBTABLES_WATCHERS,CONFIG_BRIDGE_EBT_NFLOG, $(P_EBT)ebt_nflog))
|
||||||
|
$(eval $(call nf_add,EBTABLES_WATCHERS,CONFIG_BRIDGE_EBT_NFQUEUE, $(P_EBT)ebt_nfqueue))
|
||||||
|
|
||||||
|
|
||||||
# userland only
|
# userland only
|
||||||
|
@ -299,6 +323,9 @@ IPT_BUILTIN += $(IPT_NATHELPER_EXTRA-y)
|
||||||
IPT_BUILTIN += $(IPT_ULOG-y)
|
IPT_BUILTIN += $(IPT_ULOG-y)
|
||||||
IPT_BUILTIN += $(IPT_DEBUG-y)
|
IPT_BUILTIN += $(IPT_DEBUG-y)
|
||||||
IPT_BUILTIN += $(IPT_TPROXY-y)
|
IPT_BUILTIN += $(IPT_TPROXY-y)
|
||||||
|
IPT_BUILTIN += $(NFNETLINK-y)
|
||||||
|
IPT_BUILTIN += $(NFNETLINK_LOG-y)
|
||||||
|
IPT_BUILTIN += $(NFNETLINK_QUEUE-y)
|
||||||
IPT_BUILTIN += $(EBTABLES-y)
|
IPT_BUILTIN += $(EBTABLES-y)
|
||||||
IPT_BUILTIN += $(EBTABLES_IP4-y)
|
IPT_BUILTIN += $(EBTABLES_IP4-y)
|
||||||
IPT_BUILTIN += $(EBTABLES_IP6-y)
|
IPT_BUILTIN += $(EBTABLES_IP6-y)
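Review bot: The IPT_BUILTIN additions in the last hunk of this section cover `$(NFNETLINK-y)`, `$(NFNETLINK_LOG-y)` and `$(NFNETLINK_QUEUE-y)` but not the two new Xtables targets, unlike the neighbouring `$(IPT_ULOG-y)`, `$(IPT_DEBUG-y)` and `$(IPT_TPROXY-y)` entries. If IPT_BUILTIN is the list the userspace iptables build consults for features compiled into the kernel (its consumer is not visible here), a kernel with xt_NFLOG or xt_NFQUEUE set to `y` would presumably ship without the matching userspace extensions, so logging or queueing rules that rely on them would fail to load. Consider adding `IPT_BUILTIN += $(IPT_NFLOG-y)` and `IPT_BUILTIN += $(IPT_NFQUEUE-y)` next to them.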
|
||||||
|
|
|
@ -278,6 +278,40 @@ endef
|
||||||
$(eval $(call KernelPackage,ipt-ulog))
|
$(eval $(call KernelPackage,ipt-ulog))
|
||||||
|
|
||||||
|
|
||||||
|
define KernelPackage/ipt-nflog
|
||||||
|
TITLE:=Module for user-space packet logging
|
||||||
|
KCONFIG:=$(KCONFIG_IPT_NFLOG)
|
||||||
|
FILES:=$(foreach mod,$(IPT_NFLOG-m),$(LINUX_DIR)/net/$(mod).ko)
|
||||||
|
AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NFLOG-m)))
|
||||||
|
$(call AddDepends/ipt,+kmod-nfnetlink-log)
|
||||||
|
endef
|
||||||
|
|
||||||
|
define KernelPackage/ipt-nflog/description
|
||||||
|
Netfilter module for user-space packet logging
|
||||||
|
Includes:
|
||||||
|
- NFLOG
|
||||||
|
endef
|
||||||
|
|
||||||
|
$(eval $(call KernelPackage,ipt-nflog))
|
||||||
|
|
||||||
|
|
||||||
|
define KernelPackage/ipt-nfqueue
|
||||||
|
TITLE:=Module for user-space packet queuing
|
||||||
|
KCONFIG:=$(KCONFIG_IPT_NFQUEUE)
|
||||||
|
FILES:=$(foreach mod,$(IPT_NFQUEUE-m),$(LINUX_DIR)/net/$(mod).ko)
|
||||||
|
AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NFQUEUE-m)))
|
||||||
|
$(call AddDepends/ipt,+kmod-nfnetlink-queue)
|
||||||
|
endef
|
||||||
|
|
||||||
|
define KernelPackage/ipt-nfqueue/description
|
||||||
|
Netfilter module for user-space packet queuing
|
||||||
|
Includes:
|
||||||
|
- NFQUEUE
|
||||||
|
endef
|
||||||
|
|
||||||
|
$(eval $(call KernelPackage,ipt-nfqueue))
|
||||||
|
|
||||||
|
|
||||||
define KernelPackage/ipt-debug
|
define KernelPackage/ipt-debug
|
||||||
TITLE:=Module for debugging/development
|
TITLE:=Module for debugging/development
|
||||||
KCONFIG:=$(KCONFIG_IPT_DEBUG)
|
KCONFIG:=$(KCONFIG_IPT_DEBUG)
|
||||||
|
@ -530,10 +564,10 @@ $(eval $(call KernelPackage,ebtables-watchers))
|
||||||
define KernelPackage/nfnetlink
|
define KernelPackage/nfnetlink
|
||||||
SUBMENU:=$(NF_MENU)
|
SUBMENU:=$(NF_MENU)
|
||||||
TITLE:=Netlink-based userspace interface
|
TITLE:=Netlink-based userspace interface
|
||||||
DEPENDS:=+kmod-ipt-core
|
FILES:=$(foreach mod,$(NFNETLINK-m),$(LINUX_DIR)/net/$(mod).ko)
|
||||||
FILES:=$(LINUX_DIR)/net/netfilter/nfnetlink.ko
|
KCONFIG:=$(KCONFIG_NFNETLINK)
|
||||||
KCONFIG:=CONFIG_NETFILTER_NETLINK
|
AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK-m)))
|
||||||
AUTOLOAD:=$(call AutoProbe,nfnetlink)
|
$(call AddDepends/ipt)
|
||||||
endef
|
endef
|
||||||
|
|
||||||
define KernelPackage/nfnetlink/description
|
define KernelPackage/nfnetlink/description
|
||||||
|
@ -551,14 +585,16 @@ endef
|
||||||
|
|
||||||
define KernelPackage/nfnetlink-log
|
define KernelPackage/nfnetlink-log
|
||||||
TITLE:=Netfilter LOG over NFNETLINK interface
|
TITLE:=Netfilter LOG over NFNETLINK interface
|
||||||
FILES:=$(LINUX_DIR)/net/netfilter/nfnetlink_log.ko
|
FILES:=$(foreach mod,$(NFNETLINK_LOG-m),$(LINUX_DIR)/net/$(mod).ko)
|
||||||
KCONFIG:=CONFIG_NETFILTER_NETLINK_LOG
|
KCONFIG:=$(KCONFIG_NFNETLINK_LOG)
|
||||||
AUTOLOAD:=$(call AutoProbe,nfnetlink_log)
|
AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK_LOG-m)))
|
||||||
$(call AddDepends/nfnetlink)
|
$(call AddDepends/nfnetlink)
|
||||||
endef
|
endef
|
||||||
|
|
||||||
define KernelPackage/nfnetlink-log/description
|
define KernelPackage/nfnetlink-log/description
|
||||||
Kernel modules support for logging packets via NFNETLINK
|
Kernel modules support for logging packets via NFNETLINK
|
||||||
|
Includes:
|
||||||
|
- NFLOG
|
||||||
endef
|
endef
|
||||||
|
|
||||||
$(eval $(call KernelPackage,nfnetlink-log))
|
$(eval $(call KernelPackage,nfnetlink-log))
|
||||||
|
@ -566,14 +602,16 @@ $(eval $(call KernelPackage,nfnetlink-log))
|
||||||
|
|
||||||
define KernelPackage/nfnetlink-queue
|
define KernelPackage/nfnetlink-queue
|
||||||
TITLE:=Netfilter QUEUE over NFNETLINK interface
|
TITLE:=Netfilter QUEUE over NFNETLINK interface
|
||||||
FILES:=$(LINUX_DIR)/net/netfilter/nfnetlink_queue.ko
|
FILES:=$(foreach mod,$(NFNETLINK_QUEUE-m),$(LINUX_DIR)/net/$(mod).ko)
|
||||||
KCONFIG:=CONFIG_NETFILTER_NETLINK_QUEUE
|
KCONFIG:=$(KCONFIG_NFNETLINK_QUEUE)
|
||||||
AUTOLOAD:=$(call AutoProbe,nfnetlink_queue)
|
AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK_QUEUE-m)))
|
||||||
$(call AddDepends/nfnetlink)
|
$(call AddDepends/nfnetlink)
|
||||||
endef
|
endef
|
||||||
|
|
||||||
define KernelPackage/nfnetlink-queue/description
|
define KernelPackage/nfnetlink-queue/description
|
||||||
Kernel modules support for queueing packets via NFNETLINK
|
Kernel modules support for queueing packets via NFNETLINK
|
||||||
|
Includes:
|
||||||
|
- NFQUEUE
|
||||||
endef
|
endef
|
||||||
|
|
||||||
$(eval $(call KernelPackage,nfnetlink-queue))
|
$(eval $(call KernelPackage,nfnetlink-queue))
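Review bot: The `Includes:` lists added to the nfnetlink-log and nfnetlink-queue descriptions name `NFLOG` and `NFQUEUE`, but those packages now take their FILES from `$(NFNETLINK_LOG-m)` and `$(NFNETLINK_QUEUE-m)`, while the new kmod-ipt-nflog and kmod-ipt-nfqueue packages in this same section ship `$(IPT_NFLOG-m)` / `$(IPT_NFQUEUE-m)` under the identical `- NFLOG` / `- NFQUEUE` entries. Someone auditing which package puts the iptables target on a device cannot tell the two apart from the descriptions. I would list the module actually shipped, `- nfnetlink_log` and `- nfnetlink_queue`, in the two nfnetlink descriptions.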
|
||||||
|
|
|
@ -194,6 +194,32 @@ iptables extensions for user-space packet logging.
|
||||||
|
|
||||||
endef
|
endef
|
||||||
|
|
||||||
|
define Package/iptables-mod-nflog
|
||||||
|
$(call Package/iptables/Module, +kmod-nfnetlink-log)
|
||||||
|
TITLE:=Netfilter NFLOG target
|
||||||
|
endef
|
||||||
|
|
||||||
|
define Package/iptables-mod-nflog/description
|
||||||
|
iptables extension for user-space logging via NFNETLINK.
|
||||||
|
|
||||||
|
Includes:
|
||||||
|
- libxt_NFLOG
|
||||||
|
|
||||||
|
endef
|
||||||
|
|
||||||
|
define Package/iptables-mod-nfqueue
|
||||||
|
$(call Package/iptables/Module, +kmod-nfnetlink-queue)
|
||||||
|
TITLE:=Netfilter NFQUEUE target
|
||||||
|
endef
|
||||||
|
|
||||||
|
define Package/iptables-mod-nfqueue/description
|
||||||
|
iptables extension for user-space queuing via NFNETLINK.
|
||||||
|
|
||||||
|
Includes:
|
||||||
|
- libxt_NFQUEUE
|
||||||
|
|
||||||
|
endef
|
||||||
|
|
||||||
define Package/iptables-mod-hashlimit
|
define Package/iptables-mod-hashlimit
|
||||||
$(call Package/iptables/Module, +kmod-ipt-hashlimit)
|
$(call Package/iptables/Module, +kmod-ipt-hashlimit)
|
||||||
TITLE:=hashlimit matching
|
TITLE:=hashlimit matching
|
||||||
|
@ -469,6 +495,8 @@ $(eval $(call BuildPlugin,iptables-mod-led,$(IPT_LED-m)))
|
||||||
$(eval $(call BuildPlugin,iptables-mod-tproxy,$(IPT_TPROXY-m)))
|
$(eval $(call BuildPlugin,iptables-mod-tproxy,$(IPT_TPROXY-m)))
|
||||||
$(eval $(call BuildPlugin,iptables-mod-tee,$(IPT_TEE-m)))
|
$(eval $(call BuildPlugin,iptables-mod-tee,$(IPT_TEE-m)))
|
||||||
$(eval $(call BuildPlugin,iptables-mod-u32,$(IPT_U32-m)))
|
$(eval $(call BuildPlugin,iptables-mod-u32,$(IPT_U32-m)))
|
||||||
|
$(eval $(call BuildPlugin,iptables-mod-nflog,$(IPT_NFLOG-m)))
|
||||||
|
$(eval $(call BuildPlugin,iptables-mod-nfqueue,$(IPT_NFQUEUE-m)))
|
||||||
$(eval $(call BuildPackage,ip6tables))
|
$(eval $(call BuildPackage,ip6tables))
|
||||||
$(eval $(call BuildPlugin,ip6tables-extra,$(IPT_IPV6_EXTRA-m)))
|
$(eval $(call BuildPlugin,ip6tables-extra,$(IPT_IPV6_EXTRA-m)))
|
||||||
$(eval $(call BuildPlugin,ip6tables-mod-nat,$(IPT_NAT6-m)))
|
$(eval $(call BuildPlugin,ip6tables-mod-nat,$(IPT_NAT6-m)))
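Review bot: `Package/iptables-mod-nflog` and `Package/iptables-mod-nfqueue` depend only on `+kmod-nfnetlink-log` / `+kmod-nfnetlink-queue`, not on the kmod-ipt-nflog / kmod-ipt-nfqueue packages this commit introduces for the xt_NFLOG and xt_NFQUEUE kernel targets. Unless `Package/iptables/Module` pulls those in some other way (its definition is outside the page), installing the userspace extension alone leaves the kernel target missing, and rules that use it will not load. Since the kernel packages already declare the nfnetlink dependency themselves, `$(call Package/iptables/Module, +kmod-ipt-nflog)` and `$(call Package/iptables/Module, +kmod-ipt-nfqueue)` would be enough; the neighbouring hashlimit package already follows that `+kmod-ipt-…` pattern.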
|
||||||
|
|