<html><body><div style="color:#000; background-color:#fff; font-family:garamond, new york, times, serif;font-size:14pt"><div class="" style=""><span class="" style="">I had just added  it through kernel_menuconfig today.</span></div><div style="color: rgb(0, 0, 0); font-size: 19px; font-family: garamond, 'new york', times, serif; background-color: transparent; font-style: normal;" class=""><span class="" style=""><br class="" style=""></span></div><div style="color: rgb(0, 0, 0); font-size: 19px; font-family: garamond, 'new york', times, serif; background-color: transparent; font-style: normal;" class=""><span class="" style=""></span></div><div style="font-family: Verdana, Arial, 'Bitstream Vera Sans', Helvetica, sans-serif; font-size: 13px;" class="">->Networking support<br class="" style="">-> Network Options<br class="" style="">-> Network packet filtering framework (Netfilter)<br class="" style="">-> Core Netfilter configuration<br
 class="" style="">-> Netfilter NFQUEUE over NFNETLINK interface (ACTIVATE) -> "NFQUEUE" target support (ACTIVATE)<br class="" style=""></div><div class="" style=""><br class="" style=""></div><div class="" style=""><br></div><div class="" style="">This patch will indeed help in the future.</div><div class="" style=""><br></div><div class="" style="">Please advice (instruction) on how to include a patch for the people who are using SDK to cross-compile.  </div><div class="" style=""></div><div class="" style=""> </div><div class="" style=""><font size="3" class="" style=""><span style="font-weight:bold;" class=""><div class="" style=""><font size="3" class="" style="">Thanking you ever much,</font></div><div class="" style=""><font size="3" class="" style=""><br class="" style=""></font></div>Best Regards,</span><br style="font-weight:bold;" class=""><br style="font-weight:bold;" class=""><span style="font-weight:bold;"
 class="">Mohideen</span></font></div><div style="font-size:16px;font-family:arial, helvetica, clean, sans-serif;" class=""><br class="" style=""></div> <div class="qtdSeparateBR"><br><br></div><div class="yahoo_quoted" style="display: block;"> <div style="font-family: garamond, new york, times, serif; font-size: 14pt;" class=""> <div style="font-family: HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif; font-size: 12pt;" class=""> <div dir="ltr" class="" style=""> <font size="2" face="Arial" class="" style=""> On Wednesday, August 6, 2014 1:58 PM, Yousong Zhou <yszhou4tech@gmail.com> wrote:<br class="" style=""> </font> </div>  <br class="" style=""><br class="" style=""> <div class="" style="">Hello,<br class="" style=""><br class="" style="">On 7 November 2013 00:47, Derek LaHousse <<a ymailto="mailto:dlahouss@mtu.edu" class="" style="" href="">dlahouss@mtu.edu</a>> wrote:<br class="" style="">> Hello, new
 developer here, open to advice<br class="" style="">><br class="" style="">> <a target="_blank" class="" style="" href="">https://dev.openwrt.org/ticket/9969</a><br class="" style="">><br class="" style="">> Describe Changes:<br class="" style="">> The included patch creates a menu item for iptables targets NFLOG and<br class="" style="">> NFQUEUE.  NFLOG is the successor to ULOG, while NFQUEUE allows userspace<br class="" style="">> packet filtering.  Selecting the iptables target enables the kernel<br class="" style="">> modules necessary for netfilter to support these targets.<br class="" style=""><br class="" style="">I am using NFLOG target with this patch and it worked.  It would be<br class="" style="">great if this can be merged into OpenWrt.<br class="" style=""><br class="" style=""><br class="" style="">Regards.<br class="" style=""><br class="" style="">             
   yousong<br class="" style=""><br class="" style="">><br class="" style="">> Signed-off-by: Derek LaHousse <<a ymailto="mailto:dlahouss@mtu.edu" class="" style="" href="">dlahouss@mtu.edu</a>><br class="" style="">> ---<br class="" style="">><br class="" style="">> diff --git a/include/netfilter.mk b/include/netfilter.mk<br class="" style="">> index 305f28e..a8c0860 100644<br class="" style="">> --- a/include/netfilter.mk<br class="" style="">> +++ b/include/netfilter.mk<br class="" style="">> @@ -241,6 +241,21 @@ $(eval $(call nf_add,IPT_TEE,CONFIG_NETFILTER_XT_TARGET_TEE, $(P_XT)xt_TEE))<br class="" style="">><br class="" style="">>  $(eval $(call nf_add,IPT_U32,CONFIG_NETFILTER_XT_MATCH_U32, (P_XT)xt_u32))<br class="" style="">><br class="" style="">> +<br class="" style="">> +# netlink<br class="" style="">> +<br class="" style="">> +$(eval $(call
 nf_add,NFNETLINK,CONFIG_NETFILTER_NETLINK, $(P_XT)nfnetlink))<br class="" style="">> +<br class="" style="">> +# nflog<br class="" style="">> +<br class="" style="">> +$(eval $(call nf_add,NFNETLINK_LOG,CONFIG_NETFILTER_NETLINK_LOG, $(P_XT)nfnetlink_log))<br class="" style="">> +$(eval $(call nf_add,NFNETLINK_LOG,CONFIG_NETFILTER_XT_TARGET_NFLOG, $(P_XT)xt_NFLOG))<br class="" style="">> +<br class="" style="">> +# nfqueue<br class="" style="">> +<br class="" style="">> +$(eval $(call nf_add,NFNETLINK_QUEUE,CONFIG_NETFILTER_NETLINK_QUEUE, $(P_XT)nfnetlink_queue))<br class="" style="">> +$(eval $(call nf_add,NFNETLINK_QUEUE,CONFIG_NETFILTER_XT_TARGET_NFQUEUE, $(P_XT)xt_NFQUEUE))<br class="" style="">> +<br class="" style="">>  #<br class="" style="">>  # ebtables<br class="" style="">>  #<br class="" style="">> @@ -295,6 +310,9 @@ IPT_BUILTIN += $(IPT_NATHELPER_EXTRA-y)<br class=""
 style="">>  IPT_BUILTIN += $(IPT_ULOG-y)<br class="" style="">>  IPT_BUILTIN += $(IPT_DEBUG-y)<br class="" style="">>  IPT_BUILTIN += $(IPT_TPROXY-y)<br class="" style="">> +IPT_BUILTIN += $(NFNETLINK-y)<br class="" style="">> +IPT_BUILTIN += $(NFNETLINK_LOG-y)<br class="" style="">> +IPT_BUILTIN += $(NFNETLINK_QUEUE-y)<br class="" style="">>  IPT_BUILTIN += $(EBTABLES-y)<br class="" style="">>  IPT_BUILTIN += $(EBTABLES_IP4-y)<br class="" style="">>  IPT_BUILTIN += $(EBTABLES_IP6-y)<br class="" style="">> diff --git a/package/kernel/linux/modules/netfilter.mk b/package/kernel/linux/modules/netfilter.mk<br class="" style="">> index 7509ced..9dc8ac4 100644<br class="" style="">> --- a/package/kernel/linux/modules/netfilter.mk<br class="" style="">> +++ b/package/kernel/linux/modules/netfilter.mk<br class="" style="">> @@ -515,10 +515,10 @@ $(eval $(call
 KernelPackage,ebtables-watchers))<br class="" style="">>  define KernelPackage/nfnetlink<br class="" style="">>    SUBMENU:=$(NF_MENU)<br class="" style="">>    TITLE:=Netlink-based userspace interface<br class="" style="">> -  DEPENDS:=+kmod-ipt-core<br class="" style="">> -  FILES:=$(LINUX_DIR)/net/netfilter/nfnetlink.ko<br class="" style="">> -  KCONFIG:=CONFIG_NETFILTER_NETLINK<br class="" style="">> -  AUTOLOAD:=$(call AutoProbe,nfnetlink)<br class="" style="">> +  FILES:=$(foreach mod,$(NFNETLINK-m),$(LINUX_DIR)/net/$(mod).ko)<br class="" style="">> +  KCONFIG:=$(KCONFIG_NFNETLINK)<br class="" style="">> +  AUTOLOAD:=$(call AutoProbe,$(NFNETLINK-m))<br class="" style="">> +  $(call AddDepends/ipt)<br class="" style="">>  endef<br class="" style="">><br class="" style="">>  define KernelPackage/nfnetlink/description<br class=""
 style="">> @@ -536,14 +536,16 @@ endef<br class="" style="">><br class="" style="">>  define KernelPackage/nfnetlink-log<br class="" style="">>    TITLE:=Netfilter LOG over NFNETLINK interface<br class="" style="">> -  FILES:=$(LINUX_DIR)/net/netfilter/nfnetlink_log.ko<br class="" style="">> -  KCONFIG:=CONFIG_NETFILTER_NETLINK_LOG<br class="" style="">> -  AUTOLOAD:=$(call AutoProbe,nfnetlink_log)<br class="" style="">> +  FILES:=$(foreach mod,$(NFNETLINK_LOG-m),$(LINUX_DIR)/net/$(mod).ko)<br class="" style="">> +  KCONFIG:=$(KCONFIG_NFNETLINK_LOG)<br class="" style="">> +  AUTOLOAD:=$(call AutoLoad,45,$(notdir $(NFNETLINK_LOG-m)))<br class="" style="">>    $(call AddDepends/nfnetlink)<br class="" style="">>  endef<br class="" style="">><br class="" style="">>  define KernelPackage/nfnetlink-log/description<br class="" style="">>   Kernel
 modules support for logging packets via NFNETLINK<br class="" style="">> + Includes:<br class="" style="">> + - NFLOG<br class="" style="">>  endef<br class="" style="">><br class="" style="">>  $(eval $(call KernelPackage,nfnetlink-log))<br class="" style="">> @@ -551,14 +553,16 @@ $(eval $(call KernelPackage,nfnetlink-log))<br class="" style="">><br class="" style="">>  define KernelPackage/nfnetlink-queue<br class="" style="">>    TITLE:=Netfilter QUEUE over NFNETLINK interface<br class="" style="">> -  FILES:=$(LINUX_DIR)/net/netfilter/nfnetlink_queue.ko<br class="" style="">> -  KCONFIG:=CONFIG_NETFILTER_NETLINK_QUEUE<br class="" style="">> -  AUTOLOAD:=$(call AutoProbe,nfnetlink_queue)<br class="" style="">> +  FILES:=$(foreach mod,$(NFNETLINK_QUEUE-m),$(LINUX_DIR)/net/$(mod).ko)<br class="" style="">> +  KCONFIG:=$(KCONFIG_NFNETLINK_QUEUE)<br class=""
 style="">> +  AUTOLOAD:=$(call AutoLoad,45,$(notdir $(NFNETLINK_QUEUE-m)))<br class="" style="">>    $(call AddDepends/nfnetlink)<br class="" style="">>  endef<br class="" style="">><br class="" style="">>  define KernelPackage/nfnetlink-queue/description<br class="" style="">>   Kernel modules support for queueing packets via NFNETLINK<br class="" style="">> + Includes:<br class="" style="">> + - NFQUEUE<br class="" style="">>  endef<br class="" style="">><br class="" style="">>  $(eval $(call KernelPackage,nfnetlink-queue))<br class="" style="">> diff --git a/package/network/utils/iptables/Makefile b/package/network/utils/iptables/Makefile<br class="" style="">> index 35dda06..ad98aa5 100644<br class="" style="">> --- a/package/network/utils/iptables/Makefile<br class="" style="">> +++ b/package/network/utils/iptables/Makefile<br class="" style="">> @@ -193,6
 +193,32 @@ iptables extensions for user-space packet logging.<br class="" style="">><br class="" style="">>  endef<br class="" style="">><br class="" style="">> +define Package/iptables-mod-nflog<br class="" style="">> +$(call Package/iptables/Module, +kmod-nfnetlink-log)<br class="" style="">> +  TITLE:=Netfilter NFLOG target<br class="" style="">> +endef<br class="" style="">> +<br class="" style="">> +define Package/iptables-mod-nflog/description<br class="" style="">> + iptables extension for user-space logging via NFNETLINK.<br class="" style="">> +<br class="" style="">> + Includes:<br class="" style="">> +  - libxt_NFLOG<br class="" style="">> +<br class="" style="">> +endef<br class="" style="">> +<br class="" style="">> +define Package/iptables-mod-nfqueue<br class="" style="">> +$(call Package/iptables/Module, +kmod-nfnetlink-queue)<br class="" style="">> + 
 TITLE:=Netfilter NFQUEUE target<br class="" style="">> +endef<br class="" style="">> +<br class="" style="">> +define Package/iptables-mod-nfqueue/description<br class="" style="">> + iptables extension for user-space queuing via NFNETLINK.<br class="" style="">> +<br class="" style="">> + Includes:<br class="" style="">> +  - libxt_NFQUEUE<br class="" style="">> +<br class="" style="">> +endef<br class="" style="">> +<br class="" style="">>  define Package/iptables-mod-hashlimit<br class="" style="">>  $(call Package/iptables/Module, +kmod-ipt-hashlimit)<br class="" style="">>    TITLE:=hashlimit matching<br class="" style="">> @@ -457,6 +483,8 @@ $(eval $(call BuildPlugin,iptables-mod-led,$(IPT_LED-m)))<br class="" style="">>  $(eval $(call BuildPlugin,iptables-mod-tproxy,$(IPT_TPROXY-m)))<br class="" style="">>  $(eval $(call
 BuildPlugin,iptables-mod-tee,$(IPT_TEE-m)))<br class="" style="">>  $(eval $(call BuildPlugin,iptables-mod-u32,$(IPT_U32-m)))<br class="" style="">> +$(eval $(call BuildPlugin,iptables-mod-nflog,$(NFNETLINK_LOG-m)))<br class="" style="">> +$(eval $(call BuildPlugin,iptables-mod-nfqueue,$(NFNETLINK_QUEUE-m)))<br class="" style="">>  $(eval $(call BuildPackage,ip6tables))<br class="" style="">>  $(eval $(call BuildPlugin,ip6tables-mod-nat,$(IPT_NAT6-m)))<br class="" style="">>  $(eval $(call BuildPackage,libiptc))<br class="" style="">> _______________________________________________<br class="" style="">> openwrt-devel mailing list<br class="" style="">> <a ymailto="mailto:openwrt-devel@lists.openwrt.org" class="" style="" href="">openwrt-devel@lists.openwrt.org</a><br class="" style="">> <a target="_blank" class="" style="" href="">https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel</a><br
 class="" style="">_______________________________________________<br class="" style="">openwrt-devel mailing list<br class="" style=""><a ymailto="mailto:openwrt-devel@lists.openwrt.org" class="" style="" href="">openwrt-devel@lists.openwrt.org</a><br class="" style=""><a target="_blank" class="" style="" href="">https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel</a><br class="" style=""><br class="" style=""><br class="" style=""></div>  </div> </div>  </div> </div></body></html>