From: Steven Barth Date: Sun, 1 Sep 2013 17:59:48 +0000 (+0000) Subject: netfilter: Add IPv6-NAT support for kernel and ipt Thanks to Berni, Adam Novak and... X-Git-Tag: reboot~9413 X-Git-Url: http://git.openwrt.org/?a=commitdiff_plain;h=0a85c59040d6e053199962fe9127cc0d2d8febc3;p=openwrt%2Fopenwrt.git netfilter: Add IPv6-NAT support for kernel and ipt Thanks to Berni, Adam Novak and Sedat Dilek for patches and inspiration SVN-Revision: 37866 --- diff --git a/include/netfilter.mk b/include/netfilter.mk index 33d7b8e0fe..fe31091b6c 100644 --- a/include/netfilter.mk +++ b/include/netfilter.mk @@ -156,21 +156,28 @@ $(eval $(call nf_add,IPT_IPV6,CONFIG_IP6_NF_TARGET_REJECT, $(P_V6)ip6t_REJECT)) # nat # kernel only -$(eval $(if $(NF_KMOD),$(call nf_add,IPT_NAT,CONFIG_NF_NAT, $(P_XT)nf_nat $(P_V4)nf_nat_ipv4 $(P_XT)xt_nat $(P_V4)iptable_nat, ge 3.7.0),)) $(eval $(if $(NF_KMOD),$(call nf_add,IPT_NAT,CONFIG_NF_NAT, $(P_V4)nf_nat $(P_V4)iptable_nat, lt 3.7.0),)) +$(eval $(if $(NF_KMOD),$(call nf_add,IPT_NAT,CONFIG_NF_NAT, $(P_XT)nf_nat $(P_XT)xt_nat, ge 3.7.0),)) +$(eval $(if $(NF_KMOD),$(call nf_add,IPT_NAT,CONFIG_NF_NAT_IPV4, $(P_V4)nf_nat_ipv4 $(P_V4)iptable_nat, ge 3.7.0),)) +$(eval $(if $(NF_KMOD),$(call nf_add,IPT_NAT6,CONFIG_NF_NAT_IPV6, $(P_V6)nf_nat_ipv6 $(P_V6)ip6table_nat, ge 3.7.0),)) +$(eval $(if $(NF_KMOD),$(call nf_add,IPT_NAT6,CONFIG_IP6_NF_TARGET_MASQUERADE, $(P_V6)ip6t_MASQUERADE, ge 3.7.0),)) +$(eval $(if $(NF_KMOD),$(call nf_add,IPT_NAT6,CONFIG_IP6_NF_TARGET_NPT, $(P_V6)ip6t_NPT, ge 3.7.0),)) # userland only $(eval $(if $(NF_KMOD),,$(call nf_add,IPT_NAT,CONFIG_NF_NAT, ipt_SNAT ipt_DNAT))) +$(eval $(if $(NF_KMOD),,$(call nf_add,IPT_NAT6,CONFIG_IP6_NF_TARGET_NPT, ip6t_DNPT ip6t_SNPT))) $(eval $(call nf_add,IPT_NAT,CONFIG_IP_NF_TARGET_MASQUERADE, $(P_V4)ipt_MASQUERADE)) $(eval $(call nf_add,IPT_NAT,CONFIG_IP_NF_TARGET_REDIRECT, $(P_XT)xt_REDIRECT, ge 3.7.0)) $(eval $(call nf_add,IPT_NAT,CONFIG_IP_NF_TARGET_REDIRECT, $(P_V4)ipt_REDIRECT, lt 3.7.0)) +$(eval $(call nf_add,IPT_NAT6,CONFIG_IP_NF_TARGET_REDIRECT, $(P_V4)ip6t_REDIRECT, lt 3.8.0)) # nat-extra $(eval $(call nf_add,IPT_NAT_EXTRA,CONFIG_IP_NF_TARGET_NETMAP, $(P_XT)xt_NETMAP, ge 3.7.0)) $(eval $(call nf_add,IPT_NAT_EXTRA,CONFIG_IP_NF_TARGET_NETMAP, $(P_V4)ipt_NETMAP, lt 3.7.0)) +$(eval $(call nf_add,IPT_NAT6,CONFIG_IP_NF_TARGET_NETMAP, $(P_V6)ip6t_NETMAP, lt 3.8.0)) # nathelper @@ -283,6 +290,7 @@ IPT_BUILTIN += $(IPT_IPRANGE-y) IPT_BUILTIN += $(IPT_IPSEC-y) IPT_BUILTIN += $(IPT_IPV6-y) $(IPT_IPV6-m) IPT_BUILTIN += $(IPT_NAT-y) +IPT_BUILTIN += $(IPT_NAT6-y) IPT_BUILTIN += $(IPT_NAT_EXTRA-y) IPT_BUILTIN += $(IPT_NATHELPER-y) IPT_BUILTIN += $(IPT_NATHELPER_EXTRA-y) diff --git a/package/kernel/linux/modules/netfilter.mk b/package/kernel/linux/modules/netfilter.mk index 496a9f9d4d..f657bad4c5 100644 --- a/package/kernel/linux/modules/netfilter.mk +++ b/package/kernel/linux/modules/netfilter.mk @@ -165,6 +165,23 @@ endef $(eval $(call KernelPackage,ipt-nat)) +define KernelPackage/ipt-nat6 + TITLE:=IPv6 NAT targets + KCONFIG:=$(KCONFIG_IPT_NAT6) + FILES:=$(foreach mod,$(IPT_NAT6-m),$(LINUX_DIR)/net/$(mod).ko) + AUTOLOAD:=$(call AutoLoad,43,$(notdir $(IPT_NAT6-m))) + $(call AddDepends/ipt,+kmod-ipt-conntrack) + $(call AddDepends/ipt,+kmod-ipt-nat) + $(call AddDepends/ipt,+kmod-ip6tables) +endef + +define KernelPackage/ipt-nat6/description + Netfilter (IPv6) kernel modules for NAT targets +endef + +$(eval $(call KernelPackage,ipt-nat6)) + + define KernelPackage/ipt-nat-extra TITLE:=Extra NAT targets KCONFIG:=$(KCONFIG_IPT_NAT_EXTRA) @@ -394,7 +411,7 @@ define KernelPackage/ip6tables DEPENDS:=+kmod-ipv6 +kmod-ipt-core +kmod-ipt-conntrack KCONFIG:=$(KCONFIG_IPT_IPV6) FILES:=$(foreach mod,$(IPT_IPV6-m),$(LINUX_DIR)/net/$(mod).ko) - AUTOLOAD:=$(call AutoLoad,49,$(notdir $(IPT_IPV6-m))) + AUTOLOAD:=$(call AutoLoad,42,$(notdir $(IPT_IPV6-m))) endef define KernelPackage/ip6tables/description diff --git a/package/network/utils/iptables/Makefile b/package/network/utils/iptables/Makefile index 879d786e8f..35dda06d9c 100644 --- a/package/network/utils/iptables/Makefile +++ b/package/network/utils/iptables/Makefile @@ -300,6 +300,17 @@ $(call Package/iptables/Default) MENU:=1 endef + +define Package/ip6tables-mod-nat +$(call Package/iptables/Default) + DEPENDS:=ip6tables +kmod-ipt-nat6 + TITLE:=IPv6 NAT extensions +endef + +define Package/ip6tables-mod-nat/description +iptables extensions for IPv6-NAT targets. +endef + define Package/libiptc $(call Package/iptables/Default) SECTION:=libs @@ -447,6 +458,7 @@ $(eval $(call BuildPlugin,iptables-mod-tproxy,$(IPT_TPROXY-m))) $(eval $(call BuildPlugin,iptables-mod-tee,$(IPT_TEE-m))) $(eval $(call BuildPlugin,iptables-mod-u32,$(IPT_U32-m))) $(eval $(call BuildPackage,ip6tables)) +$(eval $(call BuildPlugin,ip6tables-mod-nat,$(IPT_NAT6-m))) $(eval $(call BuildPackage,libiptc)) $(eval $(call BuildPackage,libip4tc)) $(eval $(call BuildPackage,libip6tc))