diff options
author | Martin Wetterwald <martin.wetterwald@corp.ovh.com> | 2017-01-12 15:06:00 +0100 |
---|---|---|
committer | Jo-Philipp Wich <jo@mein.io> | 2017-10-27 02:31:33 +0200 |
commit | 378e1a4858b9c51e6fcf396adc602fd835280759 (patch) | |
tree | b1cd1f21f48c4119058ee73780d85b65c6a5a576 /README | |
parent | 56342ee2bcbf9bf8918a01045471c7bb7faa1596 (diff) | |
download | upstream-378e1a4858b9c51e6fcf396adc602fd835280759.tar.gz upstream-378e1a4858b9c51e6fcf396adc602fd835280759.tar.bz2 upstream-378e1a4858b9c51e6fcf396adc602fd835280759.zip |
iptables: Fix target TRACE issue
The package kmod-ipt-debug builds the module xt_TRACE, which allows
users to use '-j TRACE' as target in the chain PREROUTING of the table
raw in iptables.
The kernel compilation flag NETFILTER_XT_TARGET_TRACE is also enabled so
that this feature which is implemented deep inside the linux IP stack
(for example in sk_buff) is compiled.
But a strace of iptables -t raw -I PREROUTING -p icmp -j TRACE reveals
that an attempt is made to read /usr/lib/iptables/libxt_TRACE.so, which
fails as this dynamic library is not present on the system.
I created the package iptables-mod-trace which takes care of that, and
target TRACE now works!
https://dev.openwrt.org/ticket/16694
https://dev.openwrt.org/ticket/19661
Signed-off-by: Martin Wetterwald <martin.wetterwald@corp.ovh.com>
[Jo-Philipp Wich: also remove trace extension from builtin extension list
and depend on kmod-ipt-raw since its required for rules]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Tested-by: Enrico Mioso <mrkiko.rs@gmail.com>
Diffstat (limited to 'README')
0 files changed, 0 insertions, 0 deletions