[openwrt/openwrt] nf-conntrack: allow querying conntrack info in nfqueue

LEDE Commits lede-commits at lists.infradead.org
Wed Jan 13 19:54:12 EST 2021 

dangole pushed a commit to openwrt/openwrt.git, branch master:
https://git.openwrt.org/39add246c1e18afc1fe026b5f359a3acf8082279

commit 39add246c1e18afc1fe026b5f359a3acf8082279
Author: Etan Kissling <etan_kissling at apple.com>
AuthorDate: Wed Jan 13 00:54:08 2021 +0100

    nf-conntrack: allow querying conntrack info in nfqueue
    
    This allows libnetfilter_queue to access connection tracking information
    by requesting NFQA_CFG_F_CONNTRACK. Connection tracking information is
    provided in the NFQA_CT attribute.
    CONFIG_NETFILTER_NETLINK_GLUE_CT enables the interaction between
    nf_queue and nf_conntrack_netlink. Without this option, trying to access
    connection tracking information results in "Operation not supported".
    
    Signed-off-by: Etan Kissling <etan_kissling at apple.com>
---
 package/kernel/linux/modules/netfilter.mk | 2 +-
 target/linux/generic/config-5.4           | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/package/kernel/linux/modules/netfilter.mk b/package/kernel/linux/modules/netfilter.mk
index aacf5948b1..b46fcebc08 100644
--- a/package/kernel/linux/modules/netfilter.mk
+++ b/package/kernel/linux/modules/netfilter.mk
@@ -1002,7 +1002,7 @@ $(eval $(call KernelPackage,nfnetlink-queue))
 define KernelPackage/nf-conntrack-netlink
   TITLE:=Connection tracking netlink interface
   FILES:=$(LINUX_DIR)/net/netfilter/nf_conntrack_netlink.ko
-  KCONFIG:=CONFIG_NF_CT_NETLINK CONFIG_NF_CONNTRACK_EVENTS=y
+  KCONFIG:=CONFIG_NF_CT_NETLINK CONFIG_NF_CONNTRACK_EVENTS=y CONFIG_NETFILTER_NETLINK_GLUE_CT=y
   AUTOLOAD:=$(call AutoProbe,nf_conntrack_netlink)
   $(call AddDepends/nfnetlink,+kmod-ipt-conntrack)
 endef
diff --git a/target/linux/generic/config-5.4 b/target/linux/generic/config-5.4
index 9006c63ecf..15d235fea5 100644
--- a/target/linux/generic/config-5.4
+++ b/target/linux/generic/config-5.4
@@ -3672,6 +3672,7 @@ CONFIG_NF_CONNTRACK_PROCFS=y
 # CONFIG_NF_CONNTRACK_ZONES is not set
 # CONFIG_NF_CT_NETLINK is not set
 # CONFIG_NF_CT_NETLINK_TIMEOUT is not set
+# CONFIG_NF_CT_NETLINK_HELPER is not set
 # CONFIG_NF_CT_PROTO_DCCP is not set
 # CONFIG_NF_CT_PROTO_GRE is not set
 # CONFIG_NF_CT_PROTO_SCTP is not set

More information about the lede-commits mailing list