mirror of
git://projects.qi-hardware.com/openwrt-xburst.git
synced 2024-11-24 00:30:16 +02:00
[netfilter] package TPROXY target and module infrastructure
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@21883 3c298f89-4303-0410-b956-a3cf2f4a3e73
This commit is contained in:
parent
40c0f7f2fc
commit
86b9c1df64
@ -277,6 +277,12 @@ $(eval $(call nf_add,IPT_QUEUE,CONFIG_IP_NF_QUEUE, $(P_V4)ip_queue))
|
|||||||
$(eval $(call nf_add,IPT_ULOG,CONFIG_IP_NF_TARGET_ULOG, $(P_V4)ipt_ULOG))
|
$(eval $(call nf_add,IPT_ULOG,CONFIG_IP_NF_TARGET_ULOG, $(P_V4)ipt_ULOG))
|
||||||
|
|
||||||
|
|
||||||
|
# tproxy
|
||||||
|
|
||||||
|
$(eval $(call nf_add,IPT_TPROXY,CONFIG_NETFILTER_XT_MATCH_SOCKET, $(P_XT)xt_socket))
|
||||||
|
$(eval $(call nf_add,IPT_TPROXY,CONFIG_NETFILTER_XT_TARGET_TPROXY, $(P_XT)xt_TPROXY))
|
||||||
|
|
||||||
|
|
||||||
#
|
#
|
||||||
# ebtables
|
# ebtables
|
||||||
#
|
#
|
||||||
@ -329,6 +335,7 @@ IPT_BUILTIN += $(IPT_NAT_EXTRA-y)
|
|||||||
IPT_BUILTIN += $(IPT_NATHELPER-y)
|
IPT_BUILTIN += $(IPT_NATHELPER-y)
|
||||||
IPT_BUILTIN += $(IPT_NATHELPER_EXTRA-y)
|
IPT_BUILTIN += $(IPT_NATHELPER_EXTRA-y)
|
||||||
IPT_BUILTIN += $(IPT_ULOG-y)
|
IPT_BUILTIN += $(IPT_ULOG-y)
|
||||||
|
IPT_BUILTIN += $(IPT_TPROXY-y)
|
||||||
IPT_BUILTIN += $(EBTABLES-y)
|
IPT_BUILTIN += $(EBTABLES-y)
|
||||||
IPT_BUILTIN += $(EBTABLES_IP4-y)
|
IPT_BUILTIN += $(EBTABLES_IP4-y)
|
||||||
IPT_BUILTIN += $(EBTALTES_IP6-y)
|
IPT_BUILTIN += $(EBTALTES_IP6-y)
|
||||||
|
@ -214,6 +214,19 @@ Includes:
|
|||||||
- libipt_recent
|
- libipt_recent
|
||||||
endef
|
endef
|
||||||
|
|
||||||
|
define Package/iptables-mod-tproxy
|
||||||
|
$(call Package/iptables/Module, +kmod-ipt-tproxy)
|
||||||
|
TITLE:=Transparent proxy iptables extensions
|
||||||
|
endef
|
||||||
|
|
||||||
|
define Package/iptables-mod-tproxy/description
|
||||||
|
Transparent proxy iptables extensions.
|
||||||
|
Includes:
|
||||||
|
- libxt_socket
|
||||||
|
- libxt_TPROXY
|
||||||
|
endef
|
||||||
|
|
||||||
|
|
||||||
define Package/iptables-utils
|
define Package/iptables-utils
|
||||||
$(call Package/iptables/Module, )
|
$(call Package/iptables/Module, )
|
||||||
TITLE:=iptables save and restore utilities
|
TITLE:=iptables save and restore utilities
|
||||||
@ -380,6 +393,7 @@ $(eval $(call BuildPlugin,iptables-mod-nat,$(IPT_NAT-m)))
|
|||||||
$(eval $(call BuildPlugin,iptables-mod-nat-extra,$(IPT_NAT_EXTRA-m)))
|
$(eval $(call BuildPlugin,iptables-mod-nat-extra,$(IPT_NAT_EXTRA-m)))
|
||||||
$(eval $(call BuildPlugin,iptables-mod-iprange,$(IPT_IPRANGE-m)))
|
$(eval $(call BuildPlugin,iptables-mod-iprange,$(IPT_IPRANGE-m)))
|
||||||
$(eval $(call BuildPlugin,iptables-mod-ulog,$(IPT_ULOG-m)))
|
$(eval $(call BuildPlugin,iptables-mod-ulog,$(IPT_ULOG-m)))
|
||||||
|
$(eval $(call BuildPlugin,iptables-mod-tproxy,$(IPT_TPROXY-m)))
|
||||||
$(eval $(call BuildPackage,ip6tables))
|
$(eval $(call BuildPackage,ip6tables))
|
||||||
$(eval $(call BuildPackage,ip6tables-utils))
|
$(eval $(call BuildPackage,ip6tables-utils))
|
||||||
$(eval $(call BuildPackage,libiptc))
|
$(eval $(call BuildPackage,libiptc))
|
||||||
|
@ -283,6 +283,27 @@ endef
|
|||||||
$(eval $(call KernelPackage,ipt-ulog))
|
$(eval $(call KernelPackage,ipt-ulog))
|
||||||
|
|
||||||
|
|
||||||
|
define KernelPackage/ipt-tproxy
|
||||||
|
TITLE:=Transparent proxying support
|
||||||
|
DEPENDS:=@LINUX_2_6
|
||||||
|
KCONFIG:= \
|
||||||
|
CONFIG_NETFILTER_TPROXY \
|
||||||
|
CONFIG_NETFILTER_XT_MATCH_SOCKET \
|
||||||
|
CONFIG_NETFILTER_XT_TARGET_TPROXY
|
||||||
|
FILES:= \
|
||||||
|
$(LINUX_DIR)/net/netfilter/nf_tproxy_core.$(LINUX_KMOD_SUFFIX) \
|
||||||
|
$(foreach mod,$(IPT_TPROXY-m),$(LINUX_DIR)/net/$(mod).$(LINUX_KMOD_SUFFIX))
|
||||||
|
AUTOLOAD:=$(call AutoLoad,45,$(notdir nf_tproxy_core $(IPT_TPROXY-m)))
|
||||||
|
$(call AddDepends/ipt)
|
||||||
|
endef
|
||||||
|
|
||||||
|
define KernelPackage/ipt-tproxy/description
|
||||||
|
Kernel modules for Transparent Proxying
|
||||||
|
endef
|
||||||
|
|
||||||
|
$(eval $(call KernelPackage,ipt-tproxy))
|
||||||
|
|
||||||
|
|
||||||
define KernelPackage/ipt-iprange
|
define KernelPackage/ipt-iprange
|
||||||
TITLE:=Module for matching ip ranges
|
TITLE:=Module for matching ip ranges
|
||||||
KCONFIG:=$(KCONFIG_IPT_IPRANGE)
|
KCONFIG:=$(KCONFIG_IPT_IPRANGE)
|
||||||
|
@ -971,6 +971,7 @@ CONFIG_NETFILTER_ADVANCED=y
|
|||||||
# CONFIG_NETFILTER_XT_MATCH_STATE is not set
|
# CONFIG_NETFILTER_XT_MATCH_STATE is not set
|
||||||
# CONFIG_NETFILTER_XT_MATCH_STATISTIC is not set
|
# CONFIG_NETFILTER_XT_MATCH_STATISTIC is not set
|
||||||
# CONFIG_NETFILTER_XT_MATCH_STRING is not set
|
# CONFIG_NETFILTER_XT_MATCH_STRING is not set
|
||||||
|
# CONFIG_NETFILTER_XT_MATCH_SOCKET is not set
|
||||||
# CONFIG_NETFILTER_XT_MATCH_TCPMSS is not set
|
# CONFIG_NETFILTER_XT_MATCH_TCPMSS is not set
|
||||||
# CONFIG_NETFILTER_XT_MATCH_TIME is not set
|
# CONFIG_NETFILTER_XT_MATCH_TIME is not set
|
||||||
# CONFIG_NETFILTER_XT_MATCH_U32 is not set
|
# CONFIG_NETFILTER_XT_MATCH_U32 is not set
|
||||||
@ -984,6 +985,7 @@ CONFIG_NETFILTER_ADVANCED=y
|
|||||||
# CONFIG_NETFILTER_XT_TARGET_RATEEST is not set
|
# CONFIG_NETFILTER_XT_TARGET_RATEEST is not set
|
||||||
# CONFIG_NETFILTER_XT_TARGET_TCPMSS is not set
|
# CONFIG_NETFILTER_XT_TARGET_TCPMSS is not set
|
||||||
# CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP is not set
|
# CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP is not set
|
||||||
|
# CONFIG_NETFILTER_XT_TARGET_TPROXY is not set
|
||||||
# CONFIG_NETFILTER_XT_TARGET_TRACE is not set
|
# CONFIG_NETFILTER_XT_TARGET_TRACE is not set
|
||||||
CONFIG_NETFILTER=y
|
CONFIG_NETFILTER=y
|
||||||
CONFIG_NET_IPGRE_BROADCAST=y
|
CONFIG_NET_IPGRE_BROADCAST=y
|
||||||
|
@ -1356,6 +1356,7 @@ CONFIG_NETFILTER_ADVANCED=y
|
|||||||
# CONFIG_NETFILTER_XT_MATCH_STATE is not set
|
# CONFIG_NETFILTER_XT_MATCH_STATE is not set
|
||||||
# CONFIG_NETFILTER_XT_MATCH_STATISTIC is not set
|
# CONFIG_NETFILTER_XT_MATCH_STATISTIC is not set
|
||||||
# CONFIG_NETFILTER_XT_MATCH_STRING is not set
|
# CONFIG_NETFILTER_XT_MATCH_STRING is not set
|
||||||
|
# CONFIG_NETFILTER_XT_MATCH_SOCKET is not set
|
||||||
# CONFIG_NETFILTER_XT_MATCH_TCPMSS is not set
|
# CONFIG_NETFILTER_XT_MATCH_TCPMSS is not set
|
||||||
# CONFIG_NETFILTER_XT_MATCH_TIME is not set
|
# CONFIG_NETFILTER_XT_MATCH_TIME is not set
|
||||||
# CONFIG_NETFILTER_XT_MATCH_U32 is not set
|
# CONFIG_NETFILTER_XT_MATCH_U32 is not set
|
||||||
@ -1372,6 +1373,7 @@ CONFIG_NETFILTER_ADVANCED=y
|
|||||||
# CONFIG_NETFILTER_XT_TARGET_RATEEST is not set
|
# CONFIG_NETFILTER_XT_TARGET_RATEEST is not set
|
||||||
# CONFIG_NETFILTER_XT_TARGET_TCPMSS is not set
|
# CONFIG_NETFILTER_XT_TARGET_TCPMSS is not set
|
||||||
# CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP is not set
|
# CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP is not set
|
||||||
|
# CONFIG_NETFILTER_XT_TARGET_TPROXY is not set
|
||||||
# CONFIG_NETFILTER_XT_TARGET_TRACE is not set
|
# CONFIG_NETFILTER_XT_TARGET_TRACE is not set
|
||||||
CONFIG_NETFILTER=y
|
CONFIG_NETFILTER=y
|
||||||
CONFIG_NET_IPGRE_BROADCAST=y
|
CONFIG_NET_IPGRE_BROADCAST=y
|
||||||
|
@ -1352,6 +1352,7 @@ CONFIG_NETFILTER_ADVANCED=y
|
|||||||
# CONFIG_NETFILTER_XT_MATCH_STATE is not set
|
# CONFIG_NETFILTER_XT_MATCH_STATE is not set
|
||||||
# CONFIG_NETFILTER_XT_MATCH_STATISTIC is not set
|
# CONFIG_NETFILTER_XT_MATCH_STATISTIC is not set
|
||||||
# CONFIG_NETFILTER_XT_MATCH_STRING is not set
|
# CONFIG_NETFILTER_XT_MATCH_STRING is not set
|
||||||
|
# CONFIG_NETFILTER_XT_MATCH_SOCKET is not set
|
||||||
# CONFIG_NETFILTER_XT_MATCH_TCPMSS is not set
|
# CONFIG_NETFILTER_XT_MATCH_TCPMSS is not set
|
||||||
# CONFIG_NETFILTER_XT_MATCH_TIME is not set
|
# CONFIG_NETFILTER_XT_MATCH_TIME is not set
|
||||||
# CONFIG_NETFILTER_XT_MATCH_U32 is not set
|
# CONFIG_NETFILTER_XT_MATCH_U32 is not set
|
||||||
@ -1368,6 +1369,7 @@ CONFIG_NETFILTER_ADVANCED=y
|
|||||||
# CONFIG_NETFILTER_XT_TARGET_RATEEST is not set
|
# CONFIG_NETFILTER_XT_TARGET_RATEEST is not set
|
||||||
# CONFIG_NETFILTER_XT_TARGET_TCPMSS is not set
|
# CONFIG_NETFILTER_XT_TARGET_TCPMSS is not set
|
||||||
# CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP is not set
|
# CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP is not set
|
||||||
|
# CONFIG_NETFILTER_XT_TARGET_TPROXY is not set
|
||||||
# CONFIG_NETFILTER_XT_TARGET_TRACE is not set
|
# CONFIG_NETFILTER_XT_TARGET_TRACE is not set
|
||||||
CONFIG_NETFILTER=y
|
CONFIG_NETFILTER=y
|
||||||
CONFIG_NET_IPGRE_BROADCAST=y
|
CONFIG_NET_IPGRE_BROADCAST=y
|
||||||
|
@ -1433,6 +1433,7 @@ CONFIG_NETFILTER_ADVANCED=y
|
|||||||
# CONFIG_NETFILTER_XT_MATCH_STATE is not set
|
# CONFIG_NETFILTER_XT_MATCH_STATE is not set
|
||||||
# CONFIG_NETFILTER_XT_MATCH_STATISTIC is not set
|
# CONFIG_NETFILTER_XT_MATCH_STATISTIC is not set
|
||||||
# CONFIG_NETFILTER_XT_MATCH_STRING is not set
|
# CONFIG_NETFILTER_XT_MATCH_STRING is not set
|
||||||
|
# CONFIG_NETFILTER_XT_MATCH_SOCKET is not set
|
||||||
# CONFIG_NETFILTER_XT_MATCH_TCPMSS is not set
|
# CONFIG_NETFILTER_XT_MATCH_TCPMSS is not set
|
||||||
# CONFIG_NETFILTER_XT_MATCH_TIME is not set
|
# CONFIG_NETFILTER_XT_MATCH_TIME is not set
|
||||||
# CONFIG_NETFILTER_XT_MATCH_U32 is not set
|
# CONFIG_NETFILTER_XT_MATCH_U32 is not set
|
||||||
@ -1449,6 +1450,7 @@ CONFIG_NETFILTER_ADVANCED=y
|
|||||||
# CONFIG_NETFILTER_XT_TARGET_RATEEST is not set
|
# CONFIG_NETFILTER_XT_TARGET_RATEEST is not set
|
||||||
# CONFIG_NETFILTER_XT_TARGET_TCPMSS is not set
|
# CONFIG_NETFILTER_XT_TARGET_TCPMSS is not set
|
||||||
# CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP is not set
|
# CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP is not set
|
||||||
|
# CONFIG_NETFILTER_XT_TARGET_TPROXY is not set
|
||||||
# CONFIG_NETFILTER_XT_TARGET_TRACE is not set
|
# CONFIG_NETFILTER_XT_TARGET_TRACE is not set
|
||||||
CONFIG_NETFILTER=y
|
CONFIG_NETFILTER=y
|
||||||
CONFIG_NET_IPGRE_BROADCAST=y
|
CONFIG_NET_IPGRE_BROADCAST=y
|
||||||
|
@ -1477,6 +1477,7 @@ CONFIG_NETFILTER_ADVANCED=y
|
|||||||
# CONFIG_NETFILTER_XT_MATCH_STATE is not set
|
# CONFIG_NETFILTER_XT_MATCH_STATE is not set
|
||||||
# CONFIG_NETFILTER_XT_MATCH_STATISTIC is not set
|
# CONFIG_NETFILTER_XT_MATCH_STATISTIC is not set
|
||||||
# CONFIG_NETFILTER_XT_MATCH_STRING is not set
|
# CONFIG_NETFILTER_XT_MATCH_STRING is not set
|
||||||
|
# CONFIG_NETFILTER_XT_MATCH_SOCKET is not set
|
||||||
# CONFIG_NETFILTER_XT_MATCH_TCPMSS is not set
|
# CONFIG_NETFILTER_XT_MATCH_TCPMSS is not set
|
||||||
# CONFIG_NETFILTER_XT_MATCH_TIME is not set
|
# CONFIG_NETFILTER_XT_MATCH_TIME is not set
|
||||||
# CONFIG_NETFILTER_XT_MATCH_U32 is not set
|
# CONFIG_NETFILTER_XT_MATCH_U32 is not set
|
||||||
@ -1493,6 +1494,7 @@ CONFIG_NETFILTER_ADVANCED=y
|
|||||||
# CONFIG_NETFILTER_XT_TARGET_RATEEST is not set
|
# CONFIG_NETFILTER_XT_TARGET_RATEEST is not set
|
||||||
# CONFIG_NETFILTER_XT_TARGET_TCPMSS is not set
|
# CONFIG_NETFILTER_XT_TARGET_TCPMSS is not set
|
||||||
# CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP is not set
|
# CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP is not set
|
||||||
|
# CONFIG_NETFILTER_XT_TARGET_TPROXY is not set
|
||||||
# CONFIG_NETFILTER_XT_TARGET_TRACE is not set
|
# CONFIG_NETFILTER_XT_TARGET_TRACE is not set
|
||||||
CONFIG_NETFILTER=y
|
CONFIG_NETFILTER=y
|
||||||
CONFIG_NET_IPGRE_BROADCAST=y
|
CONFIG_NET_IPGRE_BROADCAST=y
|
||||||
|
@ -1508,6 +1508,7 @@ CONFIG_NETFILTER_ADVANCED=y
|
|||||||
# CONFIG_NETFILTER_XT_MATCH_STATE is not set
|
# CONFIG_NETFILTER_XT_MATCH_STATE is not set
|
||||||
# CONFIG_NETFILTER_XT_MATCH_STATISTIC is not set
|
# CONFIG_NETFILTER_XT_MATCH_STATISTIC is not set
|
||||||
# CONFIG_NETFILTER_XT_MATCH_STRING is not set
|
# CONFIG_NETFILTER_XT_MATCH_STRING is not set
|
||||||
|
# CONFIG_NETFILTER_XT_MATCH_SOCKET is not set
|
||||||
# CONFIG_NETFILTER_XT_MATCH_TCPMSS is not set
|
# CONFIG_NETFILTER_XT_MATCH_TCPMSS is not set
|
||||||
# CONFIG_NETFILTER_XT_MATCH_TIME is not set
|
# CONFIG_NETFILTER_XT_MATCH_TIME is not set
|
||||||
# CONFIG_NETFILTER_XT_MATCH_U32 is not set
|
# CONFIG_NETFILTER_XT_MATCH_U32 is not set
|
||||||
@ -1524,6 +1525,7 @@ CONFIG_NETFILTER_ADVANCED=y
|
|||||||
# CONFIG_NETFILTER_XT_TARGET_RATEEST is not set
|
# CONFIG_NETFILTER_XT_TARGET_RATEEST is not set
|
||||||
# CONFIG_NETFILTER_XT_TARGET_TCPMSS is not set
|
# CONFIG_NETFILTER_XT_TARGET_TCPMSS is not set
|
||||||
# CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP is not set
|
# CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP is not set
|
||||||
|
# CONFIG_NETFILTER_XT_TARGET_TPROXY is not set
|
||||||
# CONFIG_NETFILTER_XT_TARGET_TRACE is not set
|
# CONFIG_NETFILTER_XT_TARGET_TRACE is not set
|
||||||
CONFIG_NETFILTER=y
|
CONFIG_NETFILTER=y
|
||||||
CONFIG_NET_IPGRE_BROADCAST=y
|
CONFIG_NET_IPGRE_BROADCAST=y
|
||||||
|
@ -1535,6 +1535,7 @@ CONFIG_NETFILTER_ADVANCED=y
|
|||||||
# CONFIG_NETFILTER_XT_MATCH_STATE is not set
|
# CONFIG_NETFILTER_XT_MATCH_STATE is not set
|
||||||
# CONFIG_NETFILTER_XT_MATCH_STATISTIC is not set
|
# CONFIG_NETFILTER_XT_MATCH_STATISTIC is not set
|
||||||
# CONFIG_NETFILTER_XT_MATCH_STRING is not set
|
# CONFIG_NETFILTER_XT_MATCH_STRING is not set
|
||||||
|
# CONFIG_NETFILTER_XT_MATCH_SOCKET is not set
|
||||||
# CONFIG_NETFILTER_XT_MATCH_TCPMSS is not set
|
# CONFIG_NETFILTER_XT_MATCH_TCPMSS is not set
|
||||||
# CONFIG_NETFILTER_XT_MATCH_TIME is not set
|
# CONFIG_NETFILTER_XT_MATCH_TIME is not set
|
||||||
# CONFIG_NETFILTER_XT_MATCH_U32 is not set
|
# CONFIG_NETFILTER_XT_MATCH_U32 is not set
|
||||||
@ -1552,6 +1553,7 @@ CONFIG_NETFILTER_ADVANCED=y
|
|||||||
# CONFIG_NETFILTER_XT_TARGET_TCPMSS is not set
|
# CONFIG_NETFILTER_XT_TARGET_TCPMSS is not set
|
||||||
# CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP is not set
|
# CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP is not set
|
||||||
# CONFIG_NETFILTER_XT_TARGET_TEE is not set
|
# CONFIG_NETFILTER_XT_TARGET_TEE is not set
|
||||||
|
# CONFIG_NETFILTER_XT_TARGET_TPROXY is not set
|
||||||
# CONFIG_NETFILTER_XT_TARGET_TRACE is not set
|
# CONFIG_NETFILTER_XT_TARGET_TRACE is not set
|
||||||
CONFIG_NETFILTER=y
|
CONFIG_NETFILTER=y
|
||||||
CONFIG_NET_IPGRE_BROADCAST=y
|
CONFIG_NET_IPGRE_BROADCAST=y
|
||||||
|
Loading…
Reference in New Issue
Block a user