iptables: NFLOG and NFQUEUE targets' full support
NFLOG and NFQUEUE targets' full support for iptables. Includes all needed kernel modules (both Xtables and Netlink) and userspace libraries. All added kernel modules can be individually disabled; all other new libraries get their own individual packages. Reported-by: Fabian Hugelshofer <hugelshofer2006@gmx.ch> Reported-by: Rainer Poisel <rainer.poisel@fhstp.ac.at> Reported-by: Derek LaHousse <dlahouss@mtu.edu> Signed-off-by: Guillaume Déflache <guillaume.deflache@ibwag.com> SVN-Revision: 42022
parent
6656292619
commit
9f2a17103f
3 changed files with 103 additions and 10 deletions
|
@ -225,6 +225,16 @@ $(eval $(call nf_add,IPT_QUEUE,CONFIG_IP_NF_QUEUE, $(P_V4)ip_queue, lt 3.5.0))
|
|||
$(eval $(call nf_add,IPT_ULOG,CONFIG_IP_NF_TARGET_ULOG, $(P_V4)ipt_ULOG))
|
||||
|
||||
|
||||
# nflog
|
||||
|
||||
$(eval $(call nf_add,IPT_NFLOG,CONFIG_NETFILTER_XT_TARGET_NFLOG, $(P_XT)xt_NFLOG))
|
||||
|
||||
|
||||
# nfqueue
|
||||
|
||||
$(eval $(call nf_add,IPT_NFQUEUE,CONFIG_NETFILTER_XT_TARGET_NFQUEUE, $(P_XT)xt_NFQUEUE))
|
||||
|
||||
|
||||
# debugging
|
||||
|
||||
$(eval $(call nf_add,IPT_DEBUG,CONFIG_NETFILTER_XT_TARGET_TRACE, $(P_XT)xt_TRACE))
|
||||
|
@ -245,6 +255,19 @@ $(eval $(call nf_add,IPT_TEE,CONFIG_NETFILTER_XT_TARGET_TEE, $(P_XT)xt_TEE))
|
|||
|
||||
$(eval $(call nf_add,IPT_U32,CONFIG_NETFILTER_XT_MATCH_U32, $(P_XT)xt_u32))
|
||||
|
||||
|
||||
# netlink
|
||||
|
||||
$(eval $(call nf_add,NFNETLINK,CONFIG_NETFILTER_NETLINK, $(P_XT)nfnetlink))
|
||||
|
||||
# nflog
|
||||
|
||||
$(eval $(call nf_add,NFNETLINK_LOG,CONFIG_NETFILTER_NETLINK_LOG, $(P_XT)nfnetlink_log))
|
||||
|
||||
# nfqueue
|
||||
|
||||
$(eval $(call nf_add,NFNETLINK_QUEUE,CONFIG_NETFILTER_NETLINK_QUEUE, $(P_XT)nfnetlink_queue))
|
||||
|
||||
#
|
||||
# ebtables
|
||||
#
|
||||
|
@ -279,6 +302,7 @@ $(eval $(call nf_add,EBTABLES_IP4,CONFIG_BRIDGE_EBT_SNAT, $(P_EBT)ebt_snat))
|
|||
$(eval $(call nf_add,EBTABLES_WATCHERS,CONFIG_BRIDGE_EBT_LOG, $(P_EBT)ebt_log))
|
||||
$(eval $(call nf_add,EBTABLES_WATCHERS,CONFIG_BRIDGE_EBT_ULOG, $(P_EBT)ebt_ulog))
|
||||
$(eval $(call nf_add,EBTABLES_WATCHERS,CONFIG_BRIDGE_EBT_NFLOG, $(P_EBT)ebt_nflog))
|
||||
$(eval $(call nf_add,EBTABLES_WATCHERS,CONFIG_BRIDGE_EBT_NFQUEUE, $(P_EBT)ebt_nfqueue))
|
||||
|
||||
|
||||
# userland only
|
||||
|
@ -299,6 +323,9 @@ IPT_BUILTIN += $(IPT_NATHELPER_EXTRA-y)
|
|||
IPT_BUILTIN += $(IPT_ULOG-y)
|
||||
IPT_BUILTIN += $(IPT_DEBUG-y)
|
||||
IPT_BUILTIN += $(IPT_TPROXY-y)
|
||||
IPT_BUILTIN += $(NFNETLINK-y)
|
||||
IPT_BUILTIN += $(NFNETLINK_LOG-y)
|
||||
IPT_BUILTIN += $(NFNETLINK_QUEUE-y)
|
||||
IPT_BUILTIN += $(EBTABLES-y)
|
||||
IPT_BUILTIN += $(EBTABLES_IP4-y)
|
||||
IPT_BUILTIN += $(EBTABLES_IP6-y)
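Review bot: The IPT_BUILTIN additions in the last hunk of this file cover NFNETLINK, NFNETLINK_LOG and NFNETLINK_QUEUE but not the two new Xtables groups, IPT_NFLOG and IPT_NFQUEUE, defined in the first hunk. The neighbouring entries (`$(IPT_ULOG-y)`, `$(IPT_DEBUG-y)`, `$(IPT_TPROXY-y)`) suggest every target group that can be compiled into the kernel is listed here, so a configuration with xt_NFLOG or xt_NFQUEUE built in (=y) would presumably be missed. Consider adding `IPT_BUILTIN += $(IPT_NFLOG-y)` and `IPT_BUILTIN += $(IPT_NFQUEUE-y)`. How IPT_BUILTIN is consumed is not visible on this page, and the list itself starts and ends outside the hunk, so confirm against the iptables package Makefile.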
|
||||
|
|
|
@ -278,6 +278,40 @@ endef
|
|||
$(eval $(call KernelPackage,ipt-ulog))
|
||||
|
||||
|
||||
define KernelPackage/ipt-nflog
|
||||
TITLE:=Module for user-space packet logging
|
||||
KCONFIG:=$(KCONFIG_IPT_NFLOG)
|
||||
FILES:=$(foreach mod,$(IPT_NFLOG-m),$(LINUX_DIR)/net/$(mod).ko)
|
||||
AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NFLOG-m)))
|
||||
$(call AddDepends/ipt,+kmod-nfnetlink-log)
|
||||
endef
|
||||
|
||||
define KernelPackage/ipt-nflog/description
|
||||
Netfilter module for user-space packet logging
|
||||
Includes:
|
||||
- NFLOG
|
||||
endef
|
||||
|
||||
$(eval $(call KernelPackage,ipt-nflog))
|
||||
|
||||
|
||||
define KernelPackage/ipt-nfqueue
|
||||
TITLE:=Module for user-space packet queuing
|
||||
KCONFIG:=$(KCONFIG_IPT_NFQUEUE)
|
||||
FILES:=$(foreach mod,$(IPT_NFQUEUE-m),$(LINUX_DIR)/net/$(mod).ko)
|
||||
AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_NFQUEUE-m)))
|
||||
$(call AddDepends/ipt,+kmod-nfnetlink-queue)
|
||||
endef
|
||||
|
||||
define KernelPackage/ipt-nfqueue/description
|
||||
Netfilter module for user-space packet queuing
|
||||
Includes:
|
||||
- NFQUEUE
|
||||
endef
|
||||
|
||||
$(eval $(call KernelPackage,ipt-nfqueue))
|
||||
|
||||
|
||||
define KernelPackage/ipt-debug
|
||||
TITLE:=Module for debugging/development
|
||||
KCONFIG:=$(KCONFIG_IPT_DEBUG)
|
||||
|
@ -530,10 +564,10 @@ $(eval $(call KernelPackage,ebtables-watchers))
|
|||
define KernelPackage/nfnetlink
|
||||
SUBMENU:=$(NF_MENU)
|
||||
TITLE:=Netlink-based userspace interface
|
||||
DEPENDS:=+kmod-ipt-core
|
||||
FILES:=$(LINUX_DIR)/net/netfilter/nfnetlink.ko
|
||||
KCONFIG:=CONFIG_NETFILTER_NETLINK
|
||||
AUTOLOAD:=$(call AutoProbe,nfnetlink)
|
||||
FILES:=$(foreach mod,$(NFNETLINK-m),$(LINUX_DIR)/net/$(mod).ko)
|
||||
KCONFIG:=$(KCONFIG_NFNETLINK)
|
||||
AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK-m)))
|
||||
$(call AddDepends/ipt)
|
||||
endef
|
||||
|
||||
define KernelPackage/nfnetlink/description
|
||||
|
@ -551,14 +585,16 @@ endef
|
|||
|
||||
define KernelPackage/nfnetlink-log
|
||||
TITLE:=Netfilter LOG over NFNETLINK interface
|
||||
FILES:=$(LINUX_DIR)/net/netfilter/nfnetlink_log.ko
|
||||
KCONFIG:=CONFIG_NETFILTER_NETLINK_LOG
|
||||
AUTOLOAD:=$(call AutoProbe,nfnetlink_log)
|
||||
FILES:=$(foreach mod,$(NFNETLINK_LOG-m),$(LINUX_DIR)/net/$(mod).ko)
|
||||
KCONFIG:=$(KCONFIG_NFNETLINK_LOG)
|
||||
AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK_LOG-m)))
|
||||
$(call AddDepends/nfnetlink)
|
||||
endef
|
||||
|
||||
define KernelPackage/nfnetlink-log/description
|
||||
Kernel modules support for logging packets via NFNETLINK
|
||||
Includes:
|
||||
- NFLOG
|
||||
endef
|
||||
|
||||
$(eval $(call KernelPackage,nfnetlink-log))
|
||||
|
@ -566,14 +602,16 @@ $(eval $(call KernelPackage,nfnetlink-log))
|
|||
|
||||
define KernelPackage/nfnetlink-queue
|
||||
TITLE:=Netfilter QUEUE over NFNETLINK interface
|
||||
FILES:=$(LINUX_DIR)/net/netfilter/nfnetlink_queue.ko
|
||||
KCONFIG:=CONFIG_NETFILTER_NETLINK_QUEUE
|
||||
AUTOLOAD:=$(call AutoProbe,nfnetlink_queue)
|
||||
FILES:=$(foreach mod,$(NFNETLINK_QUEUE-m),$(LINUX_DIR)/net/$(mod).ko)
|
||||
KCONFIG:=$(KCONFIG_NFNETLINK_QUEUE)
|
||||
AUTOLOAD:=$(call AutoProbe,$(notdir $(NFNETLINK_QUEUE-m)))
|
||||
$(call AddDepends/nfnetlink)
|
||||
endef
|
||||
|
||||
define KernelPackage/nfnetlink-queue/description
|
||||
Kernel modules support for queueing packets via NFNETLINK
|
||||
Includes:
|
||||
- NFQUEUE
|
||||
endef
|
||||
|
||||
$(eval $(call KernelPackage,nfnetlink-queue))
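Review bot: The description blocks for ipt-nflog and nfnetlink-log both end in `Includes:` / `- NFLOG`, and ipt-nfqueue and nfnetlink-queue both list `- NFQUEUE`, although the FILES lines show that each pair ships different modules. Naming the module in each list would make the split clear to someone choosing packages, for example `- xt_NFLOG` under ipt-nflog and `- nfnetlink_log` under nfnetlink-log, and likewise `- xt_NFQUEUE` and `- nfnetlink_queue`. The ipt-nfqueue description could also state that packets sent to a queue with no listening program are dropped unless the rule sets `--queue-bypass`, since that decides whether a crashed userspace daemon fails closed or open.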
|
||||
|
|
|
@ -194,6 +194,32 @@ iptables extensions for user-space packet logging.
|
|||
|
||||
endef
|
||||
|
||||
define Package/iptables-mod-nflog
|
||||
$(call Package/iptables/Module, +kmod-nfnetlink-log)
|
||||
TITLE:=Netfilter NFLOG target
|
||||
endef
|
||||
|
||||
define Package/iptables-mod-nflog/description
|
||||
iptables extension for user-space logging via NFNETLINK.
|
||||
|
||||
Includes:
|
||||
- libxt_NFLOG
|
||||
|
||||
endef
|
||||
|
||||
define Package/iptables-mod-nfqueue
|
||||
$(call Package/iptables/Module, +kmod-nfnetlink-queue)
|
||||
TITLE:=Netfilter NFQUEUE target
|
||||
endef
|
||||
|
||||
define Package/iptables-mod-nfqueue/description
|
||||
iptables extension for user-space queuing via NFNETLINK.
|
||||
|
||||
Includes:
|
||||
- libxt_NFQUEUE
|
||||
|
||||
endef
|
||||
|
||||
define Package/iptables-mod-hashlimit
|
||||
$(call Package/iptables/Module, +kmod-ipt-hashlimit)
|
||||
TITLE:=hashlimit matching
|
||||
|
@ -469,6 +495,8 @@ $(eval $(call BuildPlugin,iptables-mod-led,$(IPT_LED-m)))
|
|||
$(eval $(call BuildPlugin,iptables-mod-tproxy,$(IPT_TPROXY-m)))
|
||||
$(eval $(call BuildPlugin,iptables-mod-tee,$(IPT_TEE-m)))
|
||||
$(eval $(call BuildPlugin,iptables-mod-u32,$(IPT_U32-m)))
|
||||
$(eval $(call BuildPlugin,iptables-mod-nflog,$(IPT_NFLOG-m)))
|
||||
$(eval $(call BuildPlugin,iptables-mod-nfqueue,$(IPT_NFQUEUE-m)))
|
||||
$(eval $(call BuildPackage,ip6tables))
|
||||
$(eval $(call BuildPlugin,ip6tables-extra,$(IPT_IPV6_EXTRA-m)))
|
||||
$(eval $(call BuildPlugin,ip6tables-mod-nat,$(IPT_NAT6-m)))
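Review bot: `Package/iptables-mod-nflog` and `Package/iptables-mod-nfqueue` depend only on `+kmod-nfnetlink-log` and `+kmod-nfnetlink-queue`, so nothing here pulls in the packages that ship xt_NFLOG and xt_NFQUEUE. Those modules are packaged as kmod-ipt-nflog and kmod-ipt-nfqueue in the kernel-package file of this commit, and each already depends on its nfnetlink counterpart. Installing only the iptables extension would therefore leave `-j NFLOG` / `-j NFQUEUE` rules unable to load whenever the target is built as a module, and a firewall script that ignores the error would run without its logging or queueing rule. Following the `+kmod-ipt-hashlimit` pattern just below, the lines would read `$(call Package/iptables/Module, +kmod-ipt-nflog)` and `$(call Package/iptables/Module, +kmod-ipt-nfqueue)`.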
|
||||
|
|