domenico/openwrt_NSS_ACW
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

netfilter: Add IPv6-NAT support for kernel and ipt Thanks to Berni, Adam Novak and Sedat Dilek for patches and inspiration

Browse Source 
SVN-Revision: 37866
This commit is contained in:
Steven Barth
2013-09-01 17:59:48 +00:00
parent 3e647ac9b6
commit 0a85c59040
3 changed files with 39 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
include/netfilter.mk
View File

@@ -156,21 +156,28 @@ $(eval $(call nf_add,IPT_IPV6,CONFIG_IP6_NF_TARGET_REJECT, $(P_V6)ip6t_REJECT))
# nat # nat
# kernel only # kernel only
$(eval $(if $(NF_KMOD),$(call nf_add,IPT_NAT,CONFIG_NF_NAT, $(P_XT)nf_nat $(P_V4)nf_nat_ipv4 $(P_XT)xt_nat $(P_V4)iptable_nat, ge 3.7.0),))
$(eval $(if $(NF_KMOD),$(call nf_add,IPT_NAT,CONFIG_NF_NAT, $(P_V4)nf_nat $(P_V4)iptable_nat, lt 3.7.0),)) $(eval $(if $(NF_KMOD),$(call nf_add,IPT_NAT,CONFIG_NF_NAT, $(P_V4)nf_nat $(P_V4)iptable_nat, lt 3.7.0),))
$(eval $(if $(NF_KMOD),$(call nf_add,IPT_NAT,CONFIG_NF_NAT, $(P_XT)nf_nat $(P_XT)xt_nat, ge 3.7.0),))
$(eval $(if $(NF_KMOD),$(call nf_add,IPT_NAT,CONFIG_NF_NAT_IPV4, $(P_V4)nf_nat_ipv4 $(P_V4)iptable_nat, ge 3.7.0),))
$(eval $(if $(NF_KMOD),$(call nf_add,IPT_NAT6,CONFIG_NF_NAT_IPV6, $(P_V6)nf_nat_ipv6 $(P_V6)ip6table_nat, ge 3.7.0),))
$(eval $(if $(NF_KMOD),$(call nf_add,IPT_NAT6,CONFIG_IP6_NF_TARGET_MASQUERADE, $(P_V6)ip6t_MASQUERADE, ge 3.7.0),))
$(eval $(if $(NF_KMOD),$(call nf_add,IPT_NAT6,CONFIG_IP6_NF_TARGET_NPT, $(P_V6)ip6t_NPT, ge 3.7.0),))
# userland only # userland only
$(eval $(if $(NF_KMOD),,$(call nf_add,IPT_NAT,CONFIG_NF_NAT, ipt_SNAT ipt_DNAT))) $(eval $(if $(NF_KMOD),,$(call nf_add,IPT_NAT,CONFIG_NF_NAT, ipt_SNAT ipt_DNAT)))
$(eval $(if $(NF_KMOD),,$(call nf_add,IPT_NAT6,CONFIG_IP6_NF_TARGET_NPT, ip6t_DNPT ip6t_SNPT)))
$(eval $(call nf_add,IPT_NAT,CONFIG_IP_NF_TARGET_MASQUERADE, $(P_V4)ipt_MASQUERADE)) $(eval $(call nf_add,IPT_NAT,CONFIG_IP_NF_TARGET_MASQUERADE, $(P_V4)ipt_MASQUERADE))
$(eval $(call nf_add,IPT_NAT,CONFIG_IP_NF_TARGET_REDIRECT, $(P_XT)xt_REDIRECT, ge 3.7.0)) $(eval $(call nf_add,IPT_NAT,CONFIG_IP_NF_TARGET_REDIRECT, $(P_XT)xt_REDIRECT, ge 3.7.0))
$(eval $(call nf_add,IPT_NAT,CONFIG_IP_NF_TARGET_REDIRECT, $(P_V4)ipt_REDIRECT, lt 3.7.0)) $(eval $(call nf_add,IPT_NAT,CONFIG_IP_NF_TARGET_REDIRECT, $(P_V4)ipt_REDIRECT, lt 3.7.0))
$(eval $(call nf_add,IPT_NAT6,CONFIG_IP_NF_TARGET_REDIRECT, $(P_V4)ip6t_REDIRECT, lt 3.8.0))
# nat-extra # nat-extra
$(eval $(call nf_add,IPT_NAT_EXTRA,CONFIG_IP_NF_TARGET_NETMAP, $(P_XT)xt_NETMAP, ge 3.7.0)) $(eval $(call nf_add,IPT_NAT_EXTRA,CONFIG_IP_NF_TARGET_NETMAP, $(P_XT)xt_NETMAP, ge 3.7.0))
$(eval $(call nf_add,IPT_NAT_EXTRA,CONFIG_IP_NF_TARGET_NETMAP, $(P_V4)ipt_NETMAP, lt 3.7.0)) $(eval $(call nf_add,IPT_NAT_EXTRA,CONFIG_IP_NF_TARGET_NETMAP, $(P_V4)ipt_NETMAP, lt 3.7.0))
$(eval $(call nf_add,IPT_NAT6,CONFIG_IP_NF_TARGET_NETMAP, $(P_V6)ip6t_NETMAP, lt 3.8.0))
# nathelper # nathelper
@@ -283,6 +290,7 @@ IPT_BUILTIN += $(IPT_IPRANGE-y)
IPT_BUILTIN += $(IPT_IPSEC-y) IPT_BUILTIN += $(IPT_IPSEC-y)
IPT_BUILTIN += $(IPT_IPV6-y) $(IPT_IPV6-m) IPT_BUILTIN += $(IPT_IPV6-y) $(IPT_IPV6-m)
IPT_BUILTIN += $(IPT_NAT-y) IPT_BUILTIN += $(IPT_NAT-y)
IPT_BUILTIN += $(IPT_NAT6-y)
IPT_BUILTIN += $(IPT_NAT_EXTRA-y) IPT_BUILTIN += $(IPT_NAT_EXTRA-y)
IPT_BUILTIN += $(IPT_NATHELPER-y) IPT_BUILTIN += $(IPT_NATHELPER-y)
IPT_BUILTIN += $(IPT_NATHELPER_EXTRA-y) IPT_BUILTIN += $(IPT_NATHELPER_EXTRA-y)

19
package/kernel/linux/modules/netfilter.mk
View File

@@ -165,6 +165,23 @@ endef
$(eval $(call KernelPackage,ipt-nat)) $(eval $(call KernelPackage,ipt-nat))
define KernelPackage/ipt-nat6
TITLE:=IPv6 NAT targets
KCONFIG:=$(KCONFIG_IPT_NAT6)
FILES:=$(foreach mod,$(IPT_NAT6-m),$(LINUX_DIR)/net/$(mod).ko)
AUTOLOAD:=$(call AutoLoad,43,$(notdir $(IPT_NAT6-m)))
$(call AddDepends/ipt,+kmod-ipt-conntrack)
$(call AddDepends/ipt,+kmod-ipt-nat)
$(call AddDepends/ipt,+kmod-ip6tables)
endef
define KernelPackage/ipt-nat6/description
Netfilter (IPv6) kernel modules for NAT targets
endef
$(eval $(call KernelPackage,ipt-nat6))
define KernelPackage/ipt-nat-extra define KernelPackage/ipt-nat-extra
TITLE:=Extra NAT targets TITLE:=Extra NAT targets
KCONFIG:=$(KCONFIG_IPT_NAT_EXTRA) KCONFIG:=$(KCONFIG_IPT_NAT_EXTRA)
@@ -394,7 +411,7 @@ define KernelPackage/ip6tables
DEPENDS:=+kmod-ipv6 +kmod-ipt-core +kmod-ipt-conntrack DEPENDS:=+kmod-ipv6 +kmod-ipt-core +kmod-ipt-conntrack
KCONFIG:=$(KCONFIG_IPT_IPV6) KCONFIG:=$(KCONFIG_IPT_IPV6)
FILES:=$(foreach mod,$(IPT_IPV6-m),$(LINUX_DIR)/net/$(mod).ko) FILES:=$(foreach mod,$(IPT_IPV6-m),$(LINUX_DIR)/net/$(mod).ko)
AUTOLOAD:=$(call AutoLoad,49,$(notdir $(IPT_IPV6-m))) AUTOLOAD:=$(call AutoLoad,42,$(notdir $(IPT_IPV6-m)))
endef endef
define KernelPackage/ip6tables/description define KernelPackage/ip6tables/description

12
package/network/utils/iptables/Makefile
View File

@@ -300,6 +300,17 @@ $(call Package/iptables/Default)
MENU:=1 MENU:=1
endef endef
define Package/ip6tables-mod-nat
$(call Package/iptables/Default)
DEPENDS:=ip6tables +kmod-ipt-nat6
TITLE:=IPv6 NAT extensions
endef
define Package/ip6tables-mod-nat/description
iptables extensions for IPv6-NAT targets.
endef
define Package/libiptc define Package/libiptc
$(call Package/iptables/Default) $(call Package/iptables/Default)
SECTION:=libs SECTION:=libs
@@ -447,6 +458,7 @@ $(eval $(call BuildPlugin,iptables-mod-tproxy,$(IPT_TPROXY-m)))
$(eval $(call BuildPlugin,iptables-mod-tee,$(IPT_TEE-m))) $(eval $(call BuildPlugin,iptables-mod-tee,$(IPT_TEE-m)))
$(eval $(call BuildPlugin,iptables-mod-u32,$(IPT_U32-m))) $(eval $(call BuildPlugin,iptables-mod-u32,$(IPT_U32-m)))
$(eval $(call BuildPackage,ip6tables)) $(eval $(call BuildPackage,ip6tables))
$(eval $(call BuildPlugin,ip6tables-mod-nat,$(IPT_NAT6-m)))
$(eval $(call BuildPackage,libiptc)) $(eval $(call BuildPackage,libiptc))
$(eval $(call BuildPackage,libip4tc)) $(eval $(call BuildPackage,libip4tc))
$(eval $(call BuildPackage,libip6tc)) $(eval $(call BuildPackage,libip6tc))