mirror of
https://github.com/Ysurac/openmptcprouter.git
synced 2025-02-12 19:31:52 +00:00
61 lines
2.2 KiB
Diff
61 lines
2.2 KiB
Diff
From 0f5291c8e2418bf489893121ef8d5438767a809a Mon Sep 17 00:00:00 2001
|
|
From: Martin Wetterwald <martin.wetterwald@corp.ovh.com>
|
|
Date: Thu, 12 Jan 2017 15:06:00 +0100
|
|
Subject: [PATCH] iptables: Fix target TRACE issue
|
|
|
|
The package kmod-ipt-debug builds the module xt_TRACE, which allows
|
|
users to use '-j TRACE' as target in the chain PREROUTING of the table
|
|
raw in iptables.
|
|
|
|
The kernel compilation flag NETFILTER_XT_TARGET_TRACE is also enabled so
|
|
that this feature which is implemented deep inside the linux IP stack
|
|
(for example in sk_buff) is compiled.
|
|
|
|
But a strace of iptables -t raw -I PREROUTING -p icmp -j TRACE reveals
|
|
that an attempt is made to read /usr/lib/iptables/libxt_TRACE.so, which
|
|
fails as this dynamic library is not present on the system.
|
|
|
|
I created the package iptables-mod-trace which takes care of that, and
|
|
target TRACE now works!
|
|
|
|
https://dev.openwrt.org/ticket/16694
|
|
https://dev.openwrt.org/ticket/19661
|
|
|
|
Signed-off-by: Martin Wetterwald <martin.wetterwald@corp.ovh.com>
|
|
---
|
|
package/network/utils/iptables/Makefile | 15 +++++++++++++++
|
|
1 file changed, 15 insertions(+)
|
|
|
|
diff --git a/package/network/utils/iptables/Makefile b/package/network/utils/iptables/Makefile
|
|
index ac869f0385..0604f6f0a8 100644
|
|
--- a/package/network/utils/iptables/Makefile
|
|
+++ b/package/network/utils/iptables/Makefile
|
|
@@ -203,6 +203,20 @@ define Package/iptables-mod-nflog/description
|
|
|
|
endef
|
|
|
|
+define Package/iptables-mod-trace
|
|
+$(call Package/iptables/Module, +kmod-ipt-debug)
|
|
+ TITLE:=Netfilter TRACE target
|
|
+endef
|
|
+
|
|
+define Package/iptables-mod-trace/description
|
|
+ iptables extension for TRACE target
|
|
+
|
|
+ Includes:
|
|
+ - libxt_TRACE
|
|
+
|
|
+endef
|
|
+
|
|
+
|
|
define Package/iptables-mod-nfqueue
|
|
$(call Package/iptables/Module, +kmod-nfnetlink-queue +kmod-ipt-nfqueue)
|
|
TITLE:=Netfilter NFQUEUE target
|
|
@@ -548,6 +562,7 @@ $(eval $(call BuildPlugin,iptables-mod-tproxy,$(IPT_TPROXY-m)))
|
|
$(eval $(call BuildPlugin,iptables-mod-tee,$(IPT_TEE-m)))
|
|
$(eval $(call BuildPlugin,iptables-mod-u32,$(IPT_U32-m)))
|
|
$(eval $(call BuildPlugin,iptables-mod-nflog,$(IPT_NFLOG-m)))
|
|
+$(eval $(call BuildPlugin,iptables-mod-trace,$(IPT_DEBUG-m)))
|
|
$(eval $(call BuildPlugin,iptables-mod-nfqueue,$(IPT_NFQUEUE-m)))
|
|
$(eval $(call BuildPackage,ip6tables))
|
|
$(eval $(call BuildPlugin,ip6tables-extra,$(IPT_IPV6_EXTRA-m)))
|