Opened 6 years ago

Closed 4 years ago

Last modified 3 years ago

#10527 closed defect (worksforme)

Fix Netfilter.mk to build userspace TTL module and CT target (patch included)

Reported by: olipro@…
Owned by: developers
Priority: normal
Milestone: Barrier Breaker 14.07
Component: kernel
Version: Trunk
Keywords: iptables ttl ct
Cc:

Description

Included patch contains code to ensure the missing TTL modules are built for TTL matching and mangling (the actual kernel space module is xt_HL and already gets built) - also added is the CT target which supersedes NOTRACK.

Please ensure that changes are also made to the iptables and kernel package makefile so that anyone pulling from svn will have their buildenv automatically refresh its metadata, otherwise the new modules won't get built.

As another aside: kernel configs must be adjusted to define NF_CONNTRACK_ZONES as it blocks compilation if V=99 isn't set (since the user is prompted to [un]define it).

Attachments (1)

netfilter-add-CT+TTL.patch (1.4 KB) - added by olipro@… 6 years ago.
Netfilter.mk patch


Change History (10)

Changed 6 years ago by olipro@…

Netfilter.mk patch

comment:1 Changed 6 years ago by Foks

It seems that patch is now in trunk
https://dev.openwrt.org/changeset/29645

But I still can't get TTL mangling working:
iptables v1.4.10: unknown option `--ttl-set'
(rev 292722)

What am I doing wrong?

comment:2 Changed 6 years ago by anonymous

As I see, libipt_TTL.so gets built, but doesn't get into the package itself. Of course, TTL target doesn't work. I confirm the issue. Probably modifying netfilter.mk is not enough?

comment:3 Changed 6 years ago by anonymous

I haven't yet understood how to make it build into a package, but copying those two files into /usr/lib/iptables/ seems to work.

comment:4 Changed 6 years ago by anonymous

Copying what and where?

comment:5 Changed 6 years ago by jow

  • Resolution set to fixed
  • Status changed from new to closed

Fixed in r30897 and r30898

comment:6 follow-up: Changed 4 years ago by quitte@…

  • Resolution fixed deleted
  • Status changed from closed to reopened

increasing the ttl still doesn't work from a binary snapshot:
iptables v1.4.19.1: unknown option "--ttl-inc"

comment:7 in reply to: ↑ 6 Changed 4 years ago by quitte@…

Replying to quitte@…:

> increasing the ttl still doesn't work from a binary snapshot:
> iptables v1.4.19.1: unknown option "--ttl-inc"

installing iptables-mod-ipopt did the trick. Please close the bug again. thanks.

comment:8 Changed 4 years ago by jow

  • Resolution set to worksforme
  • Status changed from reopened to closed

comment:9 Changed 3 years ago by jow

  • Milestone changed from Attitude Adjustment 12.09 to Barrier Breaker 14.07

Milestone Attitude Adjustment 12.09 deleted
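
Added example, not part of the ticket or of the OpenWrt tree: a small check that separates the two halves the thread keeps running into, the userspace extension (libipt_TTL.so under /usr/lib/iptables/) and the kernel module (xt_HL). The function names and the use of /proc/modules are assumptions of this example; the package name iptables-mod-ipopt is the one reported in comment:7.

```sh
#!/bin/sh
# Classify why `iptables ... -j TTL --ttl-set N` is rejected with
# "unknown option". Both paths are parameters so the check can be run
# against a constructed tree; the defaults are the locations named in
# the ticket. Function names are hypothetical (this example's own).

# check_ttl_support [EXT_DIR] [MODULES_FILE]
# Prints: ok | userspace-missing | kernel-missing | both-missing
check_ttl_support() {
    ext_dir=${1:-/usr/lib/iptables}
    modules=${2:-/proc/modules}
    have_user=no
    have_kernel=no

    # Userspace half: the iptables extension that parses --ttl-set/--ttl-inc.
    if [ -f "$ext_dir/libipt_TTL.so" ]; then
        have_user=yes
    fi

    # Kernel half: xt_HL implements the TTL/HL target and match.
    # Assumption: xt_HL is a loadable module; a built-in one is not listed.
    if [ -r "$modules" ] && grep -q '^xt_HL ' "$modules"; then
        have_kernel=yes
    fi

    case "$have_user:$have_kernel" in
        yes:yes) echo ok ;;
        no:yes)  echo userspace-missing ;;
        yes:no)  echo kernel-missing ;;
        *)       echo both-missing ;;
    esac
}

# ttl_remedy STATUS: map the status to the step the thread arrived at.
ttl_remedy() {
    case "$1" in
        ok)                echo "TTL target is usable" ;;
        userspace-missing) echo "install iptables-mod-ipopt" ;;
        kernel-missing)    echo "load the xt_HL kernel module" ;;
        *)                 echo "install iptables-mod-ipopt and load xt_HL" ;;
    esac
}

# On a router: ttl_remedy "$(check_ttl_support)"
```

The "unknown option" errors quoted in comment:1 and comment:6 correspond to the userspace-missing case: the kernel side was already built, but the extension library was not installed.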
