authorJo-Philipp Wich <jow@openwrt.org>2010-06-22 22:39:22 +0000
committerJo-Philipp Wich <jow@openwrt.org>2010-06-22 22:39:22 +0000
commit91468dcf4ff06a7d691f3dcbc63c152b669ac72b (patch)
treec8cc5e96d1292108714fcf1e282da2d4a6a3a2f8
parentded2b7765262a6a9903e7e31bf715625c6f83cd0 (diff)
package TPROXY target and module infrastructure
SVN-Revision: 21883
-rw-r--r--include/netfilter.mk7
-rw-r--r--package/iptables/Makefile14
-rw-r--r--package/kernel/modules/netfilter.mk21
-rw-r--r--target/linux/generic-2.6/config-2.6.252
-rw-r--r--target/linux/generic-2.6/config-2.6.302
-rw-r--r--target/linux/generic-2.6/config-2.6.312
-rw-r--r--target/linux/generic-2.6/config-2.6.322
-rw-r--r--target/linux/generic-2.6/config-2.6.332
-rw-r--r--target/linux/generic-2.6/config-2.6.342
-rw-r--r--target/linux/generic-2.6/config-2.6.352
10 files changed, 56 insertions, 0 deletions
diff --git a/include/netfilter.mk b/include/netfilter.mk
index 2be72db8a2..77820c79a8 100644
--- a/include/netfilter.mk
+++ b/include/netfilter.mk
@@ -277,6 +277,12 @@ $(eval $(call nf_add,IPT_QUEUE,CONFIG_IP_NF_QUEUE, $(P_V4)ip_queue))
$(eval $(call nf_add,IPT_ULOG,CONFIG_IP_NF_TARGET_ULOG, $(P_V4)ipt_ULOG))
+# tproxy
+
+$(eval $(call nf_add,IPT_TPROXY,CONFIG_NETFILTER_XT_MATCH_SOCKET, $(P_XT)xt_socket))
+$(eval $(call nf_add,IPT_TPROXY,CONFIG_NETFILTER_XT_TARGET_TPROXY, $(P_XT)xt_TPROXY))
+
+
#
# ebtables
#
@@ -329,6 +335,7 @@ IPT_BUILTIN += $(IPT_NAT_EXTRA-y)
IPT_BUILTIN += $(IPT_NATHELPER-y)
IPT_BUILTIN += $(IPT_NATHELPER_EXTRA-y)
IPT_BUILTIN += $(IPT_ULOG-y)
+IPT_BUILTIN += $(IPT_TPROXY-y)
IPT_BUILTIN += $(EBTABLES-y)
IPT_BUILTIN += $(EBTABLES_IP4-y)
IPT_BUILTIN += $(EBTALTES_IP6-y)
diff --git a/package/iptables/Makefile b/package/iptables/Makefile
index d8698c5de6..b37a66fd3f 100644
--- a/package/iptables/Makefile
+++ b/package/iptables/Makefile
@@ -214,6 +214,19 @@ Includes:
- libipt_recent
endef
+define Package/iptables-mod-tproxy
+$(call Package/iptables/Module, +kmod-ipt-tproxy)
+ TITLE:=Transparent proxy iptables extensions
+endef
+
+define Package/iptables-mod-tproxy/description
+Transparent proxy iptables extensions.
+Includes:
+- libxt_socket
+- libxt_TPROXY
+endef
+
+
define Package/iptables-utils
$(call Package/iptables/Module, )
TITLE:=iptables save and restore utilities
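Review bot: The description added for iptables-mod-tproxy only restates the title and lists the two extensions, so someone selecting the package learns nothing about what it needs in order to work or what it exposes. TPROXY rules hand matching traffic to a local socket without rewriting addresses, and they only function together with a mark-based policy route and a proxy whose listener sets IP_TRANSPARENT, which requires elevated privileges. I would add a line to the description such as `Redirects traffic to a local proxy without NAT; needs policy routing and a proxy using IP_TRANSPARENT.` The Package/iptables-utils definition that follows is context and continues outside the hunk.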
@@ -380,6 +393,7 @@ $(eval $(call BuildPlugin,iptables-mod-nat,$(IPT_NAT-m)))
$(eval $(call BuildPlugin,iptables-mod-nat-extra,$(IPT_NAT_EXTRA-m)))
$(eval $(call BuildPlugin,iptables-mod-iprange,$(IPT_IPRANGE-m)))
$(eval $(call BuildPlugin,iptables-mod-ulog,$(IPT_ULOG-m)))
+$(eval $(call BuildPlugin,iptables-mod-tproxy,$(IPT_TPROXY-m)))
$(eval $(call BuildPackage,ip6tables))
$(eval $(call BuildPackage,ip6tables-utils))
$(eval $(call BuildPackage,libiptc))
diff --git a/package/kernel/modules/netfilter.mk b/package/kernel/modules/netfilter.mk
index 7c3fe2241a..3fbd641318 100644
--- a/package/kernel/modules/netfilter.mk
+++ b/package/kernel/modules/netfilter.mk
@@ -283,6 +283,27 @@ endef
$(eval $(call KernelPackage,ipt-ulog))
+define KernelPackage/ipt-tproxy
+ TITLE:=Transparent proxying support
+ DEPENDS:=@LINUX_2_6
+ KCONFIG:= \
+ CONFIG_NETFILTER_TPROXY \
+ CONFIG_NETFILTER_XT_MATCH_SOCKET \
+ CONFIG_NETFILTER_XT_TARGET_TPROXY
+ FILES:= \
+ $(LINUX_DIR)/net/netfilter/nf_tproxy_core.$(LINUX_KMOD_SUFFIX) \
+ $(foreach mod,$(IPT_TPROXY-m),$(LINUX_DIR)/net/$(mod).$(LINUX_KMOD_SUFFIX))
+ AUTOLOAD:=$(call AutoLoad,45,$(notdir nf_tproxy_core $(IPT_TPROXY-m)))
+ $(call AddDepends/ipt)
+endef
+
+define KernelPackage/ipt-tproxy/description
+ Kernel modules for Transparent Proxying
+endef
+
+$(eval $(call KernelPackage,ipt-tproxy))
+
+
define KernelPackage/ipt-iprange
TITLE:=Module for matching ip ranges
KCONFIG:=$(KCONFIG_IPT_IPRANGE)
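Review bot: `DEPENDS:=@LINUX_2_6` in KernelPackage/ipt-tproxy makes the package selectable on every 2.6 kernel, but as far as I know nf_tproxy_core, xt_socket and xt_TPROXY only exist from 2.6.28 onward, and this same commit touches config-2.6.25. On an older kernel the FILES entry for nf_tproxy_core has nothing to package, so the build would probably fail instead of skipping the module. Consider narrowing the dependency, for example `DEPENDS:=@LINUX_2_6 @!LINUX_2_6_25` if the tree defines that symbol. KCONFIG also lists CONFIG_NETFILTER_TPROXY while the config-2.6.* hunks add defaults only for the two XT symbols, so it is worth confirming the generic configs already carry a `# CONFIG_NETFILTER_TPROXY is not set` line. The KernelPackage/ipt-iprange definition at the end is context that continues outside the hunk.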
diff --git a/target/linux/generic-2.6/config-2.6.25 b/target/linux/generic-2.6/config-2.6.25
index a97db408a8..cf29de5aed 100644
--- a/target/linux/generic-2.6/config-2.6.25
+++ b/target/linux/generic-2.6/config-2.6.25
@@ -971,6 +971,7 @@ CONFIG_NETFILTER_ADVANCED=y
# CONFIG_NETFILTER_XT_MATCH_STATE is not set
# CONFIG_NETFILTER_XT_MATCH_STATISTIC is not set
# CONFIG_NETFILTER_XT_MATCH_STRING is not set
+# CONFIG_NETFILTER_XT_MATCH_SOCKET is not set
# CONFIG_NETFILTER_XT_MATCH_TCPMSS is not set
# CONFIG_NETFILTER_XT_MATCH_TIME is not set
# CONFIG_NETFILTER_XT_MATCH_U32 is not set
@@ -984,6 +985,7 @@ CONFIG_NETFILTER_ADVANCED=y
# CONFIG_NETFILTER_XT_TARGET_RATEEST is not set
# CONFIG_NETFILTER_XT_TARGET_TCPMSS is not set
# CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP is not set
+# CONFIG_NETFILTER_XT_TARGET_TPROXY is not set
# CONFIG_NETFILTER_XT_TARGET_TRACE is not set
CONFIG_NETFILTER=y
CONFIG_NET_IPGRE_BROADCAST=y
diff --git a/target/linux/generic-2.6/config-2.6.30 b/target/linux/generic-2.6/config-2.6.30
index c73d8d8b47..1e0b546e4d 100644
--- a/target/linux/generic-2.6/config-2.6.30
+++ b/target/linux/generic-2.6/config-2.6.30
@@ -1356,6 +1356,7 @@ CONFIG_NETFILTER_ADVANCED=y
# CONFIG_NETFILTER_XT_MATCH_STATE is not set
# CONFIG_NETFILTER_XT_MATCH_STATISTIC is not set
# CONFIG_NETFILTER_XT_MATCH_STRING is not set
+# CONFIG_NETFILTER_XT_MATCH_SOCKET is not set
# CONFIG_NETFILTER_XT_MATCH_TCPMSS is not set
# CONFIG_NETFILTER_XT_MATCH_TIME is not set
# CONFIG_NETFILTER_XT_MATCH_U32 is not set
@@ -1372,6 +1373,7 @@ CONFIG_NETFILTER_ADVANCED=y
# CONFIG_NETFILTER_XT_TARGET_RATEEST is not set
# CONFIG_NETFILTER_XT_TARGET_TCPMSS is not set
# CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP is not set
+# CONFIG_NETFILTER_XT_TARGET_TPROXY is not set
# CONFIG_NETFILTER_XT_TARGET_TRACE is not set
CONFIG_NETFILTER=y
CONFIG_NET_IPGRE_BROADCAST=y
diff --git a/target/linux/generic-2.6/config-2.6.31 b/target/linux/generic-2.6/config-2.6.31
index 9f76b7ad0d..69690b157c 100644
--- a/target/linux/generic-2.6/config-2.6.31
+++ b/target/linux/generic-2.6/config-2.6.31
@@ -1352,6 +1352,7 @@ CONFIG_NETFILTER_ADVANCED=y
# CONFIG_NETFILTER_XT_MATCH_STATE is not set
# CONFIG_NETFILTER_XT_MATCH_STATISTIC is not set
# CONFIG_NETFILTER_XT_MATCH_STRING is not set
+# CONFIG_NETFILTER_XT_MATCH_SOCKET is not set
# CONFIG_NETFILTER_XT_MATCH_TCPMSS is not set
# CONFIG_NETFILTER_XT_MATCH_TIME is not set
# CONFIG_NETFILTER_XT_MATCH_U32 is not set
@@ -1368,6 +1369,7 @@ CONFIG_NETFILTER_ADVANCED=y
# CONFIG_NETFILTER_XT_TARGET_RATEEST is not set
# CONFIG_NETFILTER_XT_TARGET_TCPMSS is not set
# CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP is not set
+# CONFIG_NETFILTER_XT_TARGET_TPROXY is not set
# CONFIG_NETFILTER_XT_TARGET_TRACE is not set
CONFIG_NETFILTER=y
CONFIG_NET_IPGRE_BROADCAST=y
diff --git a/target/linux/generic-2.6/config-2.6.32 b/target/linux/generic-2.6/config-2.6.32
index 4c38c50a0e..f9fab66a96 100644
--- a/target/linux/generic-2.6/config-2.6.32
+++ b/target/linux/generic-2.6/config-2.6.32
@@ -1433,6 +1433,7 @@ CONFIG_NETFILTER_ADVANCED=y
# CONFIG_NETFILTER_XT_MATCH_STATE is not set
# CONFIG_NETFILTER_XT_MATCH_STATISTIC is not set
# CONFIG_NETFILTER_XT_MATCH_STRING is not set
+# CONFIG_NETFILTER_XT_MATCH_SOCKET is not set
# CONFIG_NETFILTER_XT_MATCH_TCPMSS is not set
# CONFIG_NETFILTER_XT_MATCH_TIME is not set
# CONFIG_NETFILTER_XT_MATCH_U32 is not set
@@ -1449,6 +1450,7 @@ CONFIG_NETFILTER_ADVANCED=y
# CONFIG_NETFILTER_XT_TARGET_RATEEST is not set
# CONFIG_NETFILTER_XT_TARGET_TCPMSS is not set
# CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP is not set
+# CONFIG_NETFILTER_XT_TARGET_TPROXY is not set
# CONFIG_NETFILTER_XT_TARGET_TRACE is not set
CONFIG_NETFILTER=y
CONFIG_NET_IPGRE_BROADCAST=y
diff --git a/target/linux/generic-2.6/config-2.6.33 b/target/linux/generic-2.6/config-2.6.33
index da73284891..c2955f695e 100644
--- a/target/linux/generic-2.6/config-2.6.33
+++ b/target/linux/generic-2.6/config-2.6.33
@@ -1477,6 +1477,7 @@ CONFIG_NETFILTER_ADVANCED=y
# CONFIG_NETFILTER_XT_MATCH_STATE is not set
# CONFIG_NETFILTER_XT_MATCH_STATISTIC is not set
# CONFIG_NETFILTER_XT_MATCH_STRING is not set
+# CONFIG_NETFILTER_XT_MATCH_SOCKET is not set
# CONFIG_NETFILTER_XT_MATCH_TCPMSS is not set
# CONFIG_NETFILTER_XT_MATCH_TIME is not set
# CONFIG_NETFILTER_XT_MATCH_U32 is not set
@@ -1493,6 +1494,7 @@ CONFIG_NETFILTER_ADVANCED=y
# CONFIG_NETFILTER_XT_TARGET_RATEEST is not set
# CONFIG_NETFILTER_XT_TARGET_TCPMSS is not set
# CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP is not set
+# CONFIG_NETFILTER_XT_TARGET_TPROXY is not set
# CONFIG_NETFILTER_XT_TARGET_TRACE is not set
CONFIG_NETFILTER=y
CONFIG_NET_IPGRE_BROADCAST=y
diff --git a/target/linux/generic-2.6/config-2.6.34 b/target/linux/generic-2.6/config-2.6.34
index 1d166309c0..6d056b5440 100644
--- a/target/linux/generic-2.6/config-2.6.34
+++ b/target/linux/generic-2.6/config-2.6.34
@@ -1508,6 +1508,7 @@ CONFIG_NETFILTER_ADVANCED=y
# CONFIG_NETFILTER_XT_MATCH_STATE is not set
# CONFIG_NETFILTER_XT_MATCH_STATISTIC is not set
# CONFIG_NETFILTER_XT_MATCH_STRING is not set
+# CONFIG_NETFILTER_XT_MATCH_SOCKET is not set
# CONFIG_NETFILTER_XT_MATCH_TCPMSS is not set
# CONFIG_NETFILTER_XT_MATCH_TIME is not set
# CONFIG_NETFILTER_XT_MATCH_U32 is not set
@@ -1524,6 +1525,7 @@ CONFIG_NETFILTER_ADVANCED=y
# CONFIG_NETFILTER_XT_TARGET_RATEEST is not set
# CONFIG_NETFILTER_XT_TARGET_TCPMSS is not set
# CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP is not set
+# CONFIG_NETFILTER_XT_TARGET_TPROXY is not set
# CONFIG_NETFILTER_XT_TARGET_TRACE is not set
CONFIG_NETFILTER=y
CONFIG_NET_IPGRE_BROADCAST=y
diff --git a/target/linux/generic-2.6/config-2.6.35 b/target/linux/generic-2.6/config-2.6.35
index 5a17144016..7e1f5709ca 100644
--- a/target/linux/generic-2.6/config-2.6.35
+++ b/target/linux/generic-2.6/config-2.6.35
@@ -1535,6 +1535,7 @@ CONFIG_NETFILTER_ADVANCED=y
# CONFIG_NETFILTER_XT_MATCH_STATE is not set
# CONFIG_NETFILTER_XT_MATCH_STATISTIC is not set
# CONFIG_NETFILTER_XT_MATCH_STRING is not set
+# CONFIG_NETFILTER_XT_MATCH_SOCKET is not set
# CONFIG_NETFILTER_XT_MATCH_TCPMSS is not set
# CONFIG_NETFILTER_XT_MATCH_TIME is not set
# CONFIG_NETFILTER_XT_MATCH_U32 is not set
@@ -1552,6 +1553,7 @@ CONFIG_NETFILTER_ADVANCED=y
# CONFIG_NETFILTER_XT_TARGET_TCPMSS is not set
# CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP is not set
# CONFIG_NETFILTER_XT_TARGET_TEE is not set
+# CONFIG_NETFILTER_XT_TARGET_TPROXY is not set
# CONFIG_NETFILTER_XT_TARGET_TRACE is not set
CONFIG_NETFILTER=y
CONFIG_NET_IPGRE_BROADCAST=y