diff options
| -rw-r--r-- | include/netfilter.mk | 7 | ||||
| -rw-r--r-- | package/iptables/Makefile | 14 | ||||
| -rw-r--r-- | package/kernel/modules/netfilter.mk | 21 | ||||
| -rw-r--r-- | target/linux/generic-2.6/config-2.6.25 | 2 | ||||
| -rw-r--r-- | target/linux/generic-2.6/config-2.6.30 | 2 | ||||
| -rw-r--r-- | target/linux/generic-2.6/config-2.6.31 | 2 | ||||
| -rw-r--r-- | target/linux/generic-2.6/config-2.6.32 | 2 | ||||
| -rw-r--r-- | target/linux/generic-2.6/config-2.6.33 | 2 | ||||
| -rw-r--r-- | target/linux/generic-2.6/config-2.6.34 | 2 | ||||
| -rw-r--r-- | target/linux/generic-2.6/config-2.6.35 | 2 |
10 files changed, 56 insertions, 0 deletions
diff --git a/include/netfilter.mk b/include/netfilter.mk index 2be72db8a..77820c79a 100644 --- a/include/netfilter.mk +++ b/include/netfilter.mk @@ -277,6 +277,12 @@ $(eval $(call nf_add,IPT_QUEUE,CONFIG_IP_NF_QUEUE, $(P_V4)ip_queue)) $(eval $(call nf_add,IPT_ULOG,CONFIG_IP_NF_TARGET_ULOG, $(P_V4)ipt_ULOG)) +# tproxy + +$(eval $(call nf_add,IPT_TPROXY,CONFIG_NETFILTER_XT_MATCH_SOCKET, $(P_XT)xt_socket)) +$(eval $(call nf_add,IPT_TPROXY,CONFIG_NETFILTER_XT_TARGET_TPROXY, $(P_XT)xt_TPROXY)) + + # # ebtables # @@ -329,6 +335,7 @@ IPT_BUILTIN += $(IPT_NAT_EXTRA-y) IPT_BUILTIN += $(IPT_NATHELPER-y) IPT_BUILTIN += $(IPT_NATHELPER_EXTRA-y) IPT_BUILTIN += $(IPT_ULOG-y) +IPT_BUILTIN += $(IPT_TPROXY-y) IPT_BUILTIN += $(EBTABLES-y) IPT_BUILTIN += $(EBTABLES_IP4-y) IPT_BUILTIN += $(EBTALTES_IP6-y) diff --git a/package/iptables/Makefile b/package/iptables/Makefile index d8698c5de..b37a66fd3 100644 --- a/package/iptables/Makefile +++ b/package/iptables/Makefile @@ -214,6 +214,19 @@ Includes: - libipt_recent endef +define Package/iptables-mod-tproxy +$(call Package/iptables/Module, +kmod-ipt-tproxy) + TITLE:=Transparent proxy iptables extensions +endef + +define Package/iptables-mod-tproxy/description +Transparent proxy iptables extensions. +Includes: +- libxt_socket +- libxt_TPROXY +endef + + define Package/iptables-utils $(call Package/iptables/Module, ) TITLE:=iptables save and restore utilities @@ -380,6 +393,7 @@ $(eval $(call BuildPlugin,iptables-mod-nat,$(IPT_NAT-m))) $(eval $(call BuildPlugin,iptables-mod-nat-extra,$(IPT_NAT_EXTRA-m))) $(eval $(call BuildPlugin,iptables-mod-iprange,$(IPT_IPRANGE-m))) $(eval $(call BuildPlugin,iptables-mod-ulog,$(IPT_ULOG-m))) +$(eval $(call BuildPlugin,iptables-mod-tproxy,$(IPT_TPROXY-m))) $(eval $(call BuildPackage,ip6tables)) $(eval $(call BuildPackage,ip6tables-utils)) $(eval $(call BuildPackage,libiptc)) diff --git a/package/kernel/modules/netfilter.mk b/package/kernel/modules/netfilter.mk index 7c3fe2241..3fbd64131 100644 --- a/package/kernel/modules/netfilter.mk +++ b/package/kernel/modules/netfilter.mk @@ -283,6 +283,27 @@ endef $(eval $(call KernelPackage,ipt-ulog)) +define KernelPackage/ipt-tproxy + TITLE:=Transparent proxying support + DEPENDS:=@LINUX_2_6 + KCONFIG:= \ + CONFIG_NETFILTER_TPROXY \ + CONFIG_NETFILTER_XT_MATCH_SOCKET \ + CONFIG_NETFILTER_XT_TARGET_TPROXY + FILES:= \ + $(LINUX_DIR)/net/netfilter/nf_tproxy_core.$(LINUX_KMOD_SUFFIX) \ + $(foreach mod,$(IPT_TPROXY-m),$(LINUX_DIR)/net/$(mod).$(LINUX_KMOD_SUFFIX)) + AUTOLOAD:=$(call AutoLoad,45,$(notdir nf_tproxy_core $(IPT_TPROXY-m))) + $(call AddDepends/ipt) +endef + +define KernelPackage/ipt-tproxy/description + Kernel modules for Transparent Proxying +endef + +$(eval $(call KernelPackage,ipt-tproxy)) + + define KernelPackage/ipt-iprange TITLE:=Module for matching ip ranges KCONFIG:=$(KCONFIG_IPT_IPRANGE) diff --git a/target/linux/generic-2.6/config-2.6.25 b/target/linux/generic-2.6/config-2.6.25 index a97db408a..cf29de5ae 100644 --- a/target/linux/generic-2.6/config-2.6.25 +++ b/target/linux/generic-2.6/config-2.6.25 @@ -971,6 +971,7 @@ CONFIG_NETFILTER_ADVANCED=y # CONFIG_NETFILTER_XT_MATCH_STATE is not set # CONFIG_NETFILTER_XT_MATCH_STATISTIC is not set # CONFIG_NETFILTER_XT_MATCH_STRING is not set +# CONFIG_NETFILTER_XT_MATCH_SOCKET is not set # CONFIG_NETFILTER_XT_MATCH_TCPMSS is not set # CONFIG_NETFILTER_XT_MATCH_TIME is not set # CONFIG_NETFILTER_XT_MATCH_U32 is not set @@ -984,6 +985,7 @@ CONFIG_NETFILTER_ADVANCED=y # CONFIG_NETFILTER_XT_TARGET_RATEEST is not set # CONFIG_NETFILTER_XT_TARGET_TCPMSS is not set # CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP is not set +# CONFIG_NETFILTER_XT_TARGET_TPROXY is not set # CONFIG_NETFILTER_XT_TARGET_TRACE is not set CONFIG_NETFILTER=y CONFIG_NET_IPGRE_BROADCAST=y diff --git a/target/linux/generic-2.6/config-2.6.30 b/target/linux/generic-2.6/config-2.6.30 index c73d8d8b4..1e0b546e4 100644 --- a/target/linux/generic-2.6/config-2.6.30 +++ b/target/linux/generic-2.6/config-2.6.30 @@ -1356,6 +1356,7 @@ CONFIG_NETFILTER_ADVANCED=y # CONFIG_NETFILTER_XT_MATCH_STATE is not set # CONFIG_NETFILTER_XT_MATCH_STATISTIC is not set # CONFIG_NETFILTER_XT_MATCH_STRING is not set +# CONFIG_NETFILTER_XT_MATCH_SOCKET is not set # CONFIG_NETFILTER_XT_MATCH_TCPMSS is not set # CONFIG_NETFILTER_XT_MATCH_TIME is not set # CONFIG_NETFILTER_XT_MATCH_U32 is not set @@ -1372,6 +1373,7 @@ CONFIG_NETFILTER_ADVANCED=y # CONFIG_NETFILTER_XT_TARGET_RATEEST is not set # CONFIG_NETFILTER_XT_TARGET_TCPMSS is not set # CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP is not set +# CONFIG_NETFILTER_XT_TARGET_TPROXY is not set # CONFIG_NETFILTER_XT_TARGET_TRACE is not set CONFIG_NETFILTER=y CONFIG_NET_IPGRE_BROADCAST=y diff --git a/target/linux/generic-2.6/config-2.6.31 b/target/linux/generic-2.6/config-2.6.31 index 9f76b7ad0..69690b157 100644 --- a/target/linux/generic-2.6/config-2.6.31 +++ b/target/linux/generic-2.6/config-2.6.31 @@ -1352,6 +1352,7 @@ CONFIG_NETFILTER_ADVANCED=y # CONFIG_NETFILTER_XT_MATCH_STATE is not set # CONFIG_NETFILTER_XT_MATCH_STATISTIC is not set # CONFIG_NETFILTER_XT_MATCH_STRING is not set +# CONFIG_NETFILTER_XT_MATCH_SOCKET is not set # CONFIG_NETFILTER_XT_MATCH_TCPMSS is not set # CONFIG_NETFILTER_XT_MATCH_TIME is not set # CONFIG_NETFILTER_XT_MATCH_U32 is not set @@ -1368,6 +1369,7 @@ CONFIG_NETFILTER_ADVANCED=y # CONFIG_NETFILTER_XT_TARGET_RATEEST is not set # CONFIG_NETFILTER_XT_TARGET_TCPMSS is not set # CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP is not set +# CONFIG_NETFILTER_XT_TARGET_TPROXY is not set # CONFIG_NETFILTER_XT_TARGET_TRACE is not set CONFIG_NETFILTER=y CONFIG_NET_IPGRE_BROADCAST=y diff --git a/target/linux/generic-2.6/config-2.6.32 b/target/linux/generic-2.6/config-2.6.32 index 4c38c50a0..f9fab66a9 100644 --- a/target/linux/generic-2.6/config-2.6.32 +++ b/target/linux/generic-2.6/config-2.6.32 @@ -1433,6 +1433,7 @@ CONFIG_NETFILTER_ADVANCED=y # CONFIG_NETFILTER_XT_MATCH_STATE is not set # CONFIG_NETFILTER_XT_MATCH_STATISTIC is not set # CONFIG_NETFILTER_XT_MATCH_STRING is not set +# CONFIG_NETFILTER_XT_MATCH_SOCKET is not set # CONFIG_NETFILTER_XT_MATCH_TCPMSS is not set # CONFIG_NETFILTER_XT_MATCH_TIME is not set # CONFIG_NETFILTER_XT_MATCH_U32 is not set @@ -1449,6 +1450,7 @@ CONFIG_NETFILTER_ADVANCED=y # CONFIG_NETFILTER_XT_TARGET_RATEEST is not set # CONFIG_NETFILTER_XT_TARGET_TCPMSS is not set # CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP is not set +# CONFIG_NETFILTER_XT_TARGET_TPROXY is not set # CONFIG_NETFILTER_XT_TARGET_TRACE is not set CONFIG_NETFILTER=y CONFIG_NET_IPGRE_BROADCAST=y diff --git a/target/linux/generic-2.6/config-2.6.33 b/target/linux/generic-2.6/config-2.6.33 index da7328489..c2955f695 100644 --- a/target/linux/generic-2.6/config-2.6.33 +++ b/target/linux/generic-2.6/config-2.6.33 @@ -1477,6 +1477,7 @@ CONFIG_NETFILTER_ADVANCED=y # CONFIG_NETFILTER_XT_MATCH_STATE is not set # CONFIG_NETFILTER_XT_MATCH_STATISTIC is not set # CONFIG_NETFILTER_XT_MATCH_STRING is not set +# CONFIG_NETFILTER_XT_MATCH_SOCKET is not set # CONFIG_NETFILTER_XT_MATCH_TCPMSS is not set # CONFIG_NETFILTER_XT_MATCH_TIME is not set # CONFIG_NETFILTER_XT_MATCH_U32 is not set @@ -1493,6 +1494,7 @@ CONFIG_NETFILTER_ADVANCED=y # CONFIG_NETFILTER_XT_TARGET_RATEEST is not set # CONFIG_NETFILTER_XT_TARGET_TCPMSS is not set # CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP is not set +# CONFIG_NETFILTER_XT_TARGET_TPROXY is not set # CONFIG_NETFILTER_XT_TARGET_TRACE is not set CONFIG_NETFILTER=y CONFIG_NET_IPGRE_BROADCAST=y diff --git a/target/linux/generic-2.6/config-2.6.34 b/target/linux/generic-2.6/config-2.6.34 index 1d166309c..6d056b544 100644 --- a/target/linux/generic-2.6/config-2.6.34 +++ b/target/linux/generic-2.6/config-2.6.34 @@ -1508,6 +1508,7 @@ CONFIG_NETFILTER_ADVANCED=y # CONFIG_NETFILTER_XT_MATCH_STATE is not set # CONFIG_NETFILTER_XT_MATCH_STATISTIC is not set # CONFIG_NETFILTER_XT_MATCH_STRING is not set +# CONFIG_NETFILTER_XT_MATCH_SOCKET is not set # CONFIG_NETFILTER_XT_MATCH_TCPMSS is not set # CONFIG_NETFILTER_XT_MATCH_TIME is not set # CONFIG_NETFILTER_XT_MATCH_U32 is not set @@ -1524,6 +1525,7 @@ CONFIG_NETFILTER_ADVANCED=y # CONFIG_NETFILTER_XT_TARGET_RATEEST is not set # CONFIG_NETFILTER_XT_TARGET_TCPMSS is not set # CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP is not set +# CONFIG_NETFILTER_XT_TARGET_TPROXY is not set # CONFIG_NETFILTER_XT_TARGET_TRACE is not set CONFIG_NETFILTER=y CONFIG_NET_IPGRE_BROADCAST=y diff --git a/target/linux/generic-2.6/config-2.6.35 b/target/linux/generic-2.6/config-2.6.35 index 5a1714401..7e1f5709c 100644 --- a/target/linux/generic-2.6/config-2.6.35 +++ b/target/linux/generic-2.6/config-2.6.35 @@ -1535,6 +1535,7 @@ CONFIG_NETFILTER_ADVANCED=y # CONFIG_NETFILTER_XT_MATCH_STATE is not set # CONFIG_NETFILTER_XT_MATCH_STATISTIC is not set # CONFIG_NETFILTER_XT_MATCH_STRING is not set +# CONFIG_NETFILTER_XT_MATCH_SOCKET is not set # CONFIG_NETFILTER_XT_MATCH_TCPMSS is not set # CONFIG_NETFILTER_XT_MATCH_TIME is not set # CONFIG_NETFILTER_XT_MATCH_U32 is not set @@ -1552,6 +1553,7 @@ CONFIG_NETFILTER_ADVANCED=y # CONFIG_NETFILTER_XT_TARGET_TCPMSS is not set # CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP is not set # CONFIG_NETFILTER_XT_TARGET_TEE is not set +# CONFIG_NETFILTER_XT_TARGET_TPROXY is not set # CONFIG_NETFILTER_XT_TARGET_TRACE is not set CONFIG_NETFILTER=y CONFIG_NET_IPGRE_BROADCAST=y |