git.openwrt.org Git - openwrt/staging/chunkeey.git/commit

author	Martin Wetterwald <martin.wetterwald@corp.ovh.com>
	Thu, 12 Jan 2017 14:06:00 +0000 (15:06 +0100)
committer	Yousong Zhou <yszhou4tech@gmail.com>
	Fri, 26 Jan 2018 07:32:46 +0000 (15:32 +0800)
commit	6ea9a702c5b6ff0866ae93241d6b2bdd80ead5e4
tree	247ecddedfd03ca7006b84fd01f87fbcaac8e7f6	tree \| snapshot
parent	00fa1e4108db4b41dae76909ae5adcdf837ba6ef	commit \| diff

iptables: Fix target TRACE issue

The package kmod-ipt-debug builds the module xt_TRACE, which allows
users to use '-j TRACE' as target in the chain PREROUTING of the table
raw in iptables.

The kernel compilation flag NETFILTER_XT_TARGET_TRACE is also enabled so
that this feature which is implemented deep inside the linux IP stack
(for example in sk_buff) is compiled.

But a strace of iptables -t raw -I PREROUTING -p icmp -j TRACE reveals
that an attempt is made to read /usr/lib/iptables/libxt_TRACE.so, which
fails as this dynamic library is not present on the system.

I created the package iptables-mod-trace which takes care of that, and
target TRACE now works!

https://dev.openwrt.org/ticket/16694
https://dev.openwrt.org/ticket/19661

Signed-off-by: Martin Wetterwald <martin.wetterwald@corp.ovh.com>
[Jo-Philipp Wich: also remove trace extension from builtin extension list
and depend on kmod-ipt-raw since its required for rules]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Tested-by: Enrico Mioso <mrkiko.rs@gmail.com>

include/netfilter.mk		diff \| blob \| history
package/network/utils/iptables/Makefile		diff \| blob \| history