package TPROXY target and module infrastructure

SVN-Revision: 21883

diff --git a/include/netfilter.mk b/include/netfilter.mk
index 2be72db8a25fd6b8a2bd27cc59204b6fbad5eb0b..77820c79a8d0ba3ed9ea8c6dc581477361696b5a 100644 (file)
--- a/include/netfilter.mk
+++ b/include/netfilter.mk
@@ -277,6 +277,12 @@ $(eval $(call nf_add,IPT_QUEUE,CONFIG_IP_NF_QUEUE, $(P_V4)ip_queue))
 $(eval $(call nf_add,IPT_ULOG,CONFIG_IP_NF_TARGET_ULOG, $(P_V4)ipt_ULOG))
 
 
+# tproxy
+
+$(eval $(call nf_add,IPT_TPROXY,CONFIG_NETFILTER_XT_MATCH_SOCKET, $(P_XT)xt_socket))
+$(eval $(call nf_add,IPT_TPROXY,CONFIG_NETFILTER_XT_TARGET_TPROXY, $(P_XT)xt_TPROXY))
+
+
 #
 # ebtables
 #
@@ -329,6 +335,7 @@ IPT_BUILTIN += $(IPT_NAT_EXTRA-y)
 IPT_BUILTIN += $(IPT_NATHELPER-y)
 IPT_BUILTIN += $(IPT_NATHELPER_EXTRA-y)
 IPT_BUILTIN += $(IPT_ULOG-y)
+IPT_BUILTIN += $(IPT_TPROXY-y)
 IPT_BUILTIN += $(EBTABLES-y)
 IPT_BUILTIN += $(EBTABLES_IP4-y)
 IPT_BUILTIN += $(EBTALTES_IP6-y)

diff --git a/package/iptables/Makefile b/package/iptables/Makefile
index d8698c5de6aae63aca9548c47675c39680968162..b37a66fd3fef4ba1567d319b482b460104bbcc9e 100644 (file)
--- a/package/iptables/Makefile
+++ b/package/iptables/Makefile
@@ -214,6 +214,19 @@ Includes:
 - libipt_recent
 endef
 
+define Package/iptables-mod-tproxy
+$(call Package/iptables/Module, +kmod-ipt-tproxy)
+  TITLE:=Transparent proxy iptables extensions
+endef
+
+define Package/iptables-mod-tproxy/description
+Transparent proxy iptables extensions.
+Includes:
+- libxt_socket
+- libxt_TPROXY
+endef
+
+
 define Package/iptables-utils
 $(call Package/iptables/Module, )
   TITLE:=iptables save and restore utilities
@@ -380,6 +393,7 @@ $(eval $(call BuildPlugin,iptables-mod-nat,$(IPT_NAT-m)))
 $(eval $(call BuildPlugin,iptables-mod-nat-extra,$(IPT_NAT_EXTRA-m)))
 $(eval $(call BuildPlugin,iptables-mod-iprange,$(IPT_IPRANGE-m)))
 $(eval $(call BuildPlugin,iptables-mod-ulog,$(IPT_ULOG-m)))
+$(eval $(call BuildPlugin,iptables-mod-tproxy,$(IPT_TPROXY-m)))
 $(eval $(call BuildPackage,ip6tables))
 $(eval $(call BuildPackage,ip6tables-utils))
 $(eval $(call BuildPackage,libiptc))

diff --git a/package/kernel/modules/netfilter.mk b/package/kernel/modules/netfilter.mk
index 7c3fe2241ae263799ec94ab0ae1e1fa14d0f7e3d..3fbd641318603ae649d8e74bd85743da02f43c76 100644 (file)
--- a/package/kernel/modules/netfilter.mk
+++ b/package/kernel/modules/netfilter.mk
@@ -283,6 +283,27 @@ endef
 $(eval $(call KernelPackage,ipt-ulog))
 
 
+define KernelPackage/ipt-tproxy
+  TITLE:=Transparent proxying support
+  DEPENDS:=@LINUX_2_6
+  KCONFIG:= \
+       CONFIG_NETFILTER_TPROXY \
+       CONFIG_NETFILTER_XT_MATCH_SOCKET \
+       CONFIG_NETFILTER_XT_TARGET_TPROXY
+  FILES:= \
+       $(LINUX_DIR)/net/netfilter/nf_tproxy_core.$(LINUX_KMOD_SUFFIX) \
+       $(foreach mod,$(IPT_TPROXY-m),$(LINUX_DIR)/net/$(mod).$(LINUX_KMOD_SUFFIX))
+  AUTOLOAD:=$(call AutoLoad,45,$(notdir nf_tproxy_core $(IPT_TPROXY-m)))
+  $(call AddDepends/ipt)
+endef
+
+define KernelPackage/ipt-tproxy/description
+  Kernel modules for Transparent Proxying
+endef
+
+$(eval $(call KernelPackage,ipt-tproxy))
+
+
 define KernelPackage/ipt-iprange
   TITLE:=Module for matching ip ranges
   KCONFIG:=$(KCONFIG_IPT_IPRANGE)

diff --git a/target/linux/generic-2.6/config-2.6.25 b/target/linux/generic-2.6/config-2.6.25
index a97db408a88530012d949013d79e149b01f54db9..cf29de5aed2395b4eac022e84e7e4379e5b2fe33 100644 (file)
--- a/target/linux/generic-2.6/config-2.6.25
+++ b/target/linux/generic-2.6/config-2.6.25
@@ -971,6 +971,7 @@ CONFIG_NETFILTER_ADVANCED=y
 # CONFIG_NETFILTER_XT_MATCH_STATE is not set
 # CONFIG_NETFILTER_XT_MATCH_STATISTIC is not set
 # CONFIG_NETFILTER_XT_MATCH_STRING is not set
+# CONFIG_NETFILTER_XT_MATCH_SOCKET is not set
 # CONFIG_NETFILTER_XT_MATCH_TCPMSS is not set
 # CONFIG_NETFILTER_XT_MATCH_TIME is not set
 # CONFIG_NETFILTER_XT_MATCH_U32 is not set
@@ -984,6 +985,7 @@ CONFIG_NETFILTER_ADVANCED=y
 # CONFIG_NETFILTER_XT_TARGET_RATEEST is not set
 # CONFIG_NETFILTER_XT_TARGET_TCPMSS is not set
 # CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP is not set
+# CONFIG_NETFILTER_XT_TARGET_TPROXY is not set
 # CONFIG_NETFILTER_XT_TARGET_TRACE is not set
 CONFIG_NETFILTER=y
 CONFIG_NET_IPGRE_BROADCAST=y

diff --git a/target/linux/generic-2.6/config-2.6.30 b/target/linux/generic-2.6/config-2.6.30
index c73d8d8b47797c06209a6cb81b87e604fd0d7dc9..1e0b546e4dab31f77a5b4be5af5cc42373952340 100644 (file)
--- a/target/linux/generic-2.6/config-2.6.30
+++ b/target/linux/generic-2.6/config-2.6.30
@@ -1356,6 +1356,7 @@ CONFIG_NETFILTER_ADVANCED=y
 # CONFIG_NETFILTER_XT_MATCH_STATE is not set
 # CONFIG_NETFILTER_XT_MATCH_STATISTIC is not set
 # CONFIG_NETFILTER_XT_MATCH_STRING is not set
+# CONFIG_NETFILTER_XT_MATCH_SOCKET is not set
 # CONFIG_NETFILTER_XT_MATCH_TCPMSS is not set
 # CONFIG_NETFILTER_XT_MATCH_TIME is not set
 # CONFIG_NETFILTER_XT_MATCH_U32 is not set
@@ -1372,6 +1373,7 @@ CONFIG_NETFILTER_ADVANCED=y
 # CONFIG_NETFILTER_XT_TARGET_RATEEST is not set
 # CONFIG_NETFILTER_XT_TARGET_TCPMSS is not set
 # CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP is not set
+# CONFIG_NETFILTER_XT_TARGET_TPROXY is not set
 # CONFIG_NETFILTER_XT_TARGET_TRACE is not set
 CONFIG_NETFILTER=y
 CONFIG_NET_IPGRE_BROADCAST=y

diff --git a/target/linux/generic-2.6/config-2.6.31 b/target/linux/generic-2.6/config-2.6.31
index 9f76b7ad0d9e4994157f56427d027340daf001ac..69690b157cbc16b28d136b167fdccd86445afcea 100644 (file)
--- a/target/linux/generic-2.6/config-2.6.31
+++ b/target/linux/generic-2.6/config-2.6.31
@@ -1352,6 +1352,7 @@ CONFIG_NETFILTER_ADVANCED=y
 # CONFIG_NETFILTER_XT_MATCH_STATE is not set
 # CONFIG_NETFILTER_XT_MATCH_STATISTIC is not set
 # CONFIG_NETFILTER_XT_MATCH_STRING is not set
+# CONFIG_NETFILTER_XT_MATCH_SOCKET is not set
 # CONFIG_NETFILTER_XT_MATCH_TCPMSS is not set
 # CONFIG_NETFILTER_XT_MATCH_TIME is not set
 # CONFIG_NETFILTER_XT_MATCH_U32 is not set
@@ -1368,6 +1369,7 @@ CONFIG_NETFILTER_ADVANCED=y
 # CONFIG_NETFILTER_XT_TARGET_RATEEST is not set
 # CONFIG_NETFILTER_XT_TARGET_TCPMSS is not set
 # CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP is not set
+# CONFIG_NETFILTER_XT_TARGET_TPROXY is not set
 # CONFIG_NETFILTER_XT_TARGET_TRACE is not set
 CONFIG_NETFILTER=y
 CONFIG_NET_IPGRE_BROADCAST=y

diff --git a/target/linux/generic-2.6/config-2.6.32 b/target/linux/generic-2.6/config-2.6.32
index 4c38c50a0ec0c3f3057ff1af505cc861d6772244..f9fab66a967fb7937364d8e0ac7d28d062cdf863 100644 (file)
--- a/target/linux/generic-2.6/config-2.6.32
+++ b/target/linux/generic-2.6/config-2.6.32
@@ -1433,6 +1433,7 @@ CONFIG_NETFILTER_ADVANCED=y
 # CONFIG_NETFILTER_XT_MATCH_STATE is not set
 # CONFIG_NETFILTER_XT_MATCH_STATISTIC is not set
 # CONFIG_NETFILTER_XT_MATCH_STRING is not set
+# CONFIG_NETFILTER_XT_MATCH_SOCKET is not set
 # CONFIG_NETFILTER_XT_MATCH_TCPMSS is not set
 # CONFIG_NETFILTER_XT_MATCH_TIME is not set
 # CONFIG_NETFILTER_XT_MATCH_U32 is not set
@@ -1449,6 +1450,7 @@ CONFIG_NETFILTER_ADVANCED=y
 # CONFIG_NETFILTER_XT_TARGET_RATEEST is not set
 # CONFIG_NETFILTER_XT_TARGET_TCPMSS is not set
 # CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP is not set
+# CONFIG_NETFILTER_XT_TARGET_TPROXY is not set
 # CONFIG_NETFILTER_XT_TARGET_TRACE is not set
 CONFIG_NETFILTER=y
 CONFIG_NET_IPGRE_BROADCAST=y

diff --git a/target/linux/generic-2.6/config-2.6.33 b/target/linux/generic-2.6/config-2.6.33
index da7328489103d6553b031abb2568ccd0a15a0122..c2955f695ed2cbfdc6444cc8cffe40bc443d7b3a 100644 (file)
--- a/target/linux/generic-2.6/config-2.6.33
+++ b/target/linux/generic-2.6/config-2.6.33
@@ -1477,6 +1477,7 @@ CONFIG_NETFILTER_ADVANCED=y
 # CONFIG_NETFILTER_XT_MATCH_STATE is not set
 # CONFIG_NETFILTER_XT_MATCH_STATISTIC is not set
 # CONFIG_NETFILTER_XT_MATCH_STRING is not set
+# CONFIG_NETFILTER_XT_MATCH_SOCKET is not set
 # CONFIG_NETFILTER_XT_MATCH_TCPMSS is not set
 # CONFIG_NETFILTER_XT_MATCH_TIME is not set
 # CONFIG_NETFILTER_XT_MATCH_U32 is not set
@@ -1493,6 +1494,7 @@ CONFIG_NETFILTER_ADVANCED=y
 # CONFIG_NETFILTER_XT_TARGET_RATEEST is not set
 # CONFIG_NETFILTER_XT_TARGET_TCPMSS is not set
 # CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP is not set
+# CONFIG_NETFILTER_XT_TARGET_TPROXY is not set
 # CONFIG_NETFILTER_XT_TARGET_TRACE is not set
 CONFIG_NETFILTER=y
 CONFIG_NET_IPGRE_BROADCAST=y

diff --git a/target/linux/generic-2.6/config-2.6.34 b/target/linux/generic-2.6/config-2.6.34
index 1d166309c0d3941bcf8a1a55e9af1697bcf547e1..6d056b5440cb88e66a14c650bae43b94c7992549 100644 (file)
--- a/target/linux/generic-2.6/config-2.6.34
+++ b/target/linux/generic-2.6/config-2.6.34
@@ -1508,6 +1508,7 @@ CONFIG_NETFILTER_ADVANCED=y
 # CONFIG_NETFILTER_XT_MATCH_STATE is not set
 # CONFIG_NETFILTER_XT_MATCH_STATISTIC is not set
 # CONFIG_NETFILTER_XT_MATCH_STRING is not set
+# CONFIG_NETFILTER_XT_MATCH_SOCKET is not set
 # CONFIG_NETFILTER_XT_MATCH_TCPMSS is not set
 # CONFIG_NETFILTER_XT_MATCH_TIME is not set
 # CONFIG_NETFILTER_XT_MATCH_U32 is not set
@@ -1524,6 +1525,7 @@ CONFIG_NETFILTER_ADVANCED=y
 # CONFIG_NETFILTER_XT_TARGET_RATEEST is not set
 # CONFIG_NETFILTER_XT_TARGET_TCPMSS is not set
 # CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP is not set
+# CONFIG_NETFILTER_XT_TARGET_TPROXY is not set
 # CONFIG_NETFILTER_XT_TARGET_TRACE is not set
 CONFIG_NETFILTER=y
 CONFIG_NET_IPGRE_BROADCAST=y

diff --git a/target/linux/generic-2.6/config-2.6.35 b/target/linux/generic-2.6/config-2.6.35
index 5a17144016c6904d639170e544d96cc06e151604..7e1f5709ca8cb0c980d5264c47bdc612bc6a8312 100644 (file)
--- a/target/linux/generic-2.6/config-2.6.35
+++ b/target/linux/generic-2.6/config-2.6.35
@@ -1535,6 +1535,7 @@ CONFIG_NETFILTER_ADVANCED=y
 # CONFIG_NETFILTER_XT_MATCH_STATE is not set
 # CONFIG_NETFILTER_XT_MATCH_STATISTIC is not set
 # CONFIG_NETFILTER_XT_MATCH_STRING is not set
+# CONFIG_NETFILTER_XT_MATCH_SOCKET is not set
 # CONFIG_NETFILTER_XT_MATCH_TCPMSS is not set
 # CONFIG_NETFILTER_XT_MATCH_TIME is not set
 # CONFIG_NETFILTER_XT_MATCH_U32 is not set
@@ -1552,6 +1553,7 @@ CONFIG_NETFILTER_ADVANCED=y
 # CONFIG_NETFILTER_XT_TARGET_TCPMSS is not set
 # CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP is not set
 # CONFIG_NETFILTER_XT_TARGET_TEE is not set
+# CONFIG_NETFILTER_XT_TARGET_TPROXY is not set
 # CONFIG_NETFILTER_XT_TARGET_TRACE is not set
 CONFIG_NETFILTER=y
 CONFIG_NET_IPGRE_BROADCAST=y