Last active
May 6, 2022 09:04
-
-
Save SAPikachu/80e0aa13bf89b2416ecae8574e3bed40 to your computer and use it in GitHub Desktop.
OpenWrt TCPOPTSTRIP
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| diff --git a/include/netfilter.mk b/include/netfilter.mk | |
| index 5d532ce..474a48b 100644 | |
| --- a/include/netfilter.mk | |
| +++ b/include/netfilter.mk | |
| @@ -262,6 +262,9 @@ $(eval $(call nf_add,IPT_TPROXY,CONFIG_NETFILTER_XT_TARGET_TPROXY, $(P_XT)xt_TPR | |
| # led | |
| $(eval $(call nf_add,IPT_LED,CONFIG_NETFILTER_XT_TARGET_LED, $(P_XT)xt_LED)) | |
| +# tcpoptstrip | |
| +$(eval $(call nf_add,IPT_TCPOPTSTRIP,CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP, $(P_XT)xt_TCPOPTSTRIP)) | |
| + | |
| # tee | |
| $(eval $(call nf_add,IPT_TEE,CONFIG_NETFILTER_XT_TARGET_TEE, $(P_XT)xt_TEE)) | |
| diff --git a/package/kernel/linux/modules/netfilter.mk b/package/kernel/linux/modules/netfilter.mk | |
| index 51f3544..f36db6b 100644 | |
| --- a/package/kernel/linux/modules/netfilter.mk | |
| +++ b/package/kernel/linux/modules/netfilter.mk | |
| @@ -549,6 +549,24 @@ endef | |
| $(eval $(call KernelPackage,ipt-led)) | |
| +define KernelPackage/ipt-tcpoptstrip | |
| + TITLE:=Module to strip a TCP option | |
| + KCONFIG:= \ | |
| + CONFIG_NETFILTER=y \ | |
| + CONFIG_NETFILTER_ADVANCED=y \ | |
| + CONFIG_IP_NF_MANGLE=y \ | |
| + $(KCONFIG_IPT_TCPOPTSTRIP) | |
| + FILES:=$(foreach mod,$(IPT_TCPOPTSTRIP-m),$(LINUX_DIR)/net/$(mod).ko) | |
| + AUTOLOAD:=$(call AutoProbe,$(notdir $(IPT_TCPOPTSTRIP-m))) | |
| + $(call AddDepends/ipt) | |
| +endef | |
| + | |
| +define KernelPackage/ipt-tcpoptstrip/description | |
| + Netfilter target to strip a TCP option. | |
| +endef | |
| + | |
| +$(eval $(call KernelPackage,ipt-tcpoptstrip)) | |
| + | |
| define KernelPackage/ipt-tproxy | |
| TITLE:=Transparent proxying support | |
| DEPENDS+=+kmod-ipt-conntrack +IPV6:kmod-nf-conntrack6 +IPV6:kmod-ip6tables | |
| diff --git a/package/network/utils/iptables/Makefile b/package/network/utils/iptables/Makefile | |
| index 1d758ed..40b096d 100644 | |
| --- a/package/network/utils/iptables/Makefile | |
| +++ b/package/network/utils/iptables/Makefile | |
| @@ -377,6 +377,19 @@ iptables extension for triggering a LED. | |
| endef | |
| +define Package/iptables-mod-tcpoptstrip | |
| +$(call Package/iptables/Module, +kmod-ipt-tcpoptstrip) | |
| + TITLE:=TCPOPTSTRIP iptables extension | |
| +endef | |
| + | |
| +define Package/iptables-mod-tcpoptstrip/description | |
| +iptables extension for stripping a TCP option. | |
| + | |
| + Targets: | |
| + - TCPOPTSTRIP | |
| + | |
| +endef | |
| + | |
| define Package/iptables-mod-tproxy | |
| $(call Package/iptables/Module, +kmod-ipt-tproxy) | |
| TITLE:=Transparent proxy iptables extensions | |
| @@ -630,6 +643,7 @@ $(eval $(call BuildPlugin,iptables-mod-ulog,$(IPT_ULOG-m))) | |
| $(eval $(call BuildPlugin,iptables-mod-hashlimit,$(IPT_HASHLIMIT-m))) | |
| $(eval $(call BuildPlugin,iptables-mod-rpfilter,$(IPT_RPFILTER-m))) | |
| $(eval $(call BuildPlugin,iptables-mod-led,$(IPT_LED-m))) | |
| +$(eval $(call BuildPlugin,iptables-mod-tcpoptstrip,$(IPT_TCPOPTSTRIP-m))) | |
| $(eval $(call BuildPlugin,iptables-mod-tproxy,$(IPT_TPROXY-m))) | |
| $(eval $(call BuildPlugin,iptables-mod-tee,$(IPT_TEE-m))) | |
| $(eval $(call BuildPlugin,iptables-mod-u32,$(IPT_U32-m))) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment