nf-conntrack: allow querying conntrack info in nfqueue

This allows libnetfilter_queue to access connection tracking information
by requesting NFQA_CFG_F_CONNTRACK. Connection tracking information is
provided in the NFQA_CT attribute.
CONFIG_NETFILTER_NETLINK_GLUE_CT enables the interaction between
nf_queue and nf_conntrack_netlink. Without this option, trying to access
connection tracking information results in "Operation not supported".

Signed-off-by: Etan Kissling <etan_kissling@apple.com>

diff --git a/package/kernel/linux/modules/netfilter.mk b/package/kernel/linux/modules/netfilter.mk
index aacf5948b1ef247115052b053ea03bf272e381a4..b46fcebc0896c6810b91b142d41227e046128c2b 100644 (file)
--- a/package/kernel/linux/modules/netfilter.mk
+++ b/package/kernel/linux/modules/netfilter.mk
@@ -1002,7 +1002,7 @@ $(eval $(call KernelPackage,nfnetlink-queue))
 define KernelPackage/nf-conntrack-netlink
   TITLE:=Connection tracking netlink interface
   FILES:=$(LINUX_DIR)/net/netfilter/nf_conntrack_netlink.ko
-  KCONFIG:=CONFIG_NF_CT_NETLINK CONFIG_NF_CONNTRACK_EVENTS=y
+  KCONFIG:=CONFIG_NF_CT_NETLINK CONFIG_NF_CONNTRACK_EVENTS=y CONFIG_NETFILTER_NETLINK_GLUE_CT=y
   AUTOLOAD:=$(call AutoProbe,nf_conntrack_netlink)
   $(call AddDepends/nfnetlink,+kmod-ipt-conntrack)
 endef

diff --git a/target/linux/generic/config-5.4 b/target/linux/generic/config-5.4
index 9006c63ecf4e1f95df2a696c4679a4de16aa2725..15d235fea5352eccc772c2fbb53ba597089b22d9 100644 (file)
--- a/target/linux/generic/config-5.4
+++ b/target/linux/generic/config-5.4
@@ -3672,6 +3672,7 @@ CONFIG_NF_CONNTRACK_PROCFS=y
 # CONFIG_NF_CONNTRACK_ZONES is not set
 # CONFIG_NF_CT_NETLINK is not set
 # CONFIG_NF_CT_NETLINK_TIMEOUT is not set
+# CONFIG_NF_CT_NETLINK_HELPER is not set
 # CONFIG_NF_CT_PROTO_DCCP is not set
 # CONFIG_NF_CT_PROTO_GRE is not set
 # CONFIG_NF_CT_PROTO_SCTP is not set