Custom netfilter target modules on white russian


Post by snowyowlster »

This has been posted to the OpenWrt White Russian forum.
Credit goes to Eric's script for automating the process for Kamikaze. This effort is more manual but has worked (at least once!) for White Russian. See the other thread for more context on this.

HOWTO
-------------------------------

create_patch.sh and copy_files.sh have been created to help create the patches for netfilter and iptables, which do the hard work. These shell scripts are provided at the end.

1. In a working directory, copy the build_mipsel-based linux directories to
create linux-2.4.30.old and linux-2.4.30.dev directory trees (use tar to create a tree for only the netfilter directory to minimize the size of the trees), using the script copy_files.sh

2. Modify linux-2.4.30.dev directory
a) Modify netfilter Makefile
Add ipt_NEWMODULE.o to ip_nf_nat_objs in the netfilter directory

b) create header file ipt_NEWMODULE.h in
~/buildroot/whiterussian/openwrt/build_mipsel/linux-2.4.brcm/linux-2.4.30/include/linux/netfilter_ipv4

c) Create actual new netfilter module file in
~/buildroot/whiterussian/openwrt/build_mipsel/linux-2.4.brcm/linux-2.4.30/net/ipv4/netfilter/ipt_NEWMODULE.c

3. Modify Config.in for netfilter: ~/buildroot/whiterussian/openwrt/build_mipsel/target/linux/Config.in
a) add NEW package in KMOD_IPTABLES_EXTRA

b) Define BR2_PACKAGE_KMOD_IPT_NEW

4. Now modify userspace iptables:
a) Create copies of iptables-1.3.3 as iptables-1.3.3.old and iptables-1.3.3.new in the build_mipsel directory,
and in iptables-1.3.3.new/extensions add libipt_NEWMODULE.c
b) Modify iptables-1.3.3.new/extensions/Makefile by adding NEWMODULE to PF_EXT_LIBS

c) Modify ~/buildroot/openwrt/package/iptables/Config.in and add the NEW package in 2 places similar to the changes done for netfilter

5. Finally use create_patch.sh (this does a diff -u to create a patch)

6. Copy patches as follows:
netfilter module patch to
~/buildroot/whiterussian/openwrt/target/linux/linux-2.4/patches/generic
and userspace patch to
~/buildroot/whiterussian/openwrt/package/iptables/patches

7. make target/linux-clean ; make target/linux-rebuild
make package/iptables-clean; make package/iptables-rebuild

Copy the packages over to the router and do an install with ipkg, or just copy the ipt_NEWMODULE.o and libipt_NEWMODULE.so files over. Make sure to add the new module to /etc/modules and reboot (or insmod ipt_NEWMODULE).

copy_files.sh
--------------
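#!/bin/sh
# Collect the new and modified netfilter files from the build tree into dev.tar.
CURRENT_DIR=$(pwd)
echo "CURRENT dir is $CURRENT_DIR"
# Use $HOME here: a "~" inside double quotes is not expanded by the shell.
TOPDIR="$HOME/buildroot/whiterussian/openwrt/build_mipsel/linux-2.4-brcm"
cd "$TOPDIR" || exit 1
# -c creates the archive, -r appends further files to it.
tar -cvf dev.tar linux-2.4.30/net/ipv4/netfilter/ipt_DUMBSNAT.c
tar -rvf dev.tar linux-2.4.30/include/linux/netfilter_ipv4/ipt_DUMBSNAT.h
tar -rvf dev.tar linux-2.4.30/net/ipv4/netfilter/Config.in
tar -rvf dev.tar linux-2.4.30/net/ipv4/netfilter/Makefile
mv dev.tar "$CURRENT_DIR"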


create_patch.sh
-----------------------------
#!/bin/sh
# Run from the working directory that holds linux-2.4.30.old and linux-2.4.30.dev.
ORIG_DIR=$(pwd)

# Kernel (netfilter) patch: new files are diffed against /dev/null,
# modified files against their .old copies.
PATCH_FILE=130-netfilter_NEWMODULE.patch
diff -u /dev/null linux-2.4.30.dev/net/ipv4/netfilter/ipt_NEWMODULE.c > "$PATCH_FILE"
diff -u /dev/null linux-2.4.30.dev/include/linux/netfilter_ipv4/ipt_NEWMODULE.h >> "$PATCH_FILE"
diff -u linux-2.4.30.old/net/ipv4/netfilter/Config.in linux-2.4.30.dev/net/ipv4/netfilter/Config.in >> "$PATCH_FILE"
diff -u linux-2.4.30.old/net/ipv4/netfilter/Makefile linux-2.4.30.dev/net/ipv4/netfilter/Makefile >> "$PATCH_FILE"

# Userspace iptables patch, written back to the working directory.
PATCH_FILE=06-NEWMODULE.patch
# Use $HOME here: a "~" inside double quotes is not expanded by the shell.
TOPDIR="$HOME/buildroot/whiterussian/openwrt/build_mipsel"
cd "$TOPDIR" || exit 1
diff -u /dev/null iptables-1.3.3.new/extensions/libipt_NEWMODULE.c > "$ORIG_DIR/$PATCH_FILE"
diff -u iptables-1.3.3.old/extensions/Makefile iptables-1.3.3.new/extensions/Makefile >> "$ORIG_DIR/$PATCH_FILE"
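
A way to check the output of step 5 before copying the patch in step 6, as an added example that is not part of the original post: it builds constructed miniature stand-ins for the linux-2.4.30.old and linux-2.4.30.dev trees, generates the patch with a single recursive diff -Nur (a generalization of the per-file diffs in create_patch.sh), and confirms that it applies to a clean copy. It assumes the build applies patches with patch -p1; the function names and all file contents are made up for the illustration.

```sh
#!/bin/sh
# Added example, not from the original post. All file contents are constructed.
NF=net/ipv4/netfilter
INC=include/linux/netfilter_ipv4

# make_trees DIR: constructed stand-ins for linux-2.4.30.old and .dev.
make_trees() {
    mkdir -p "$1/linux-2.4.30.old/$NF" "$1/linux-2.4.30.old/$INC"
    echo 'ip_nf_nat_objs := ip_nat_core.o' > "$1/linux-2.4.30.old/$NF/Makefile"
    cp -R "$1/linux-2.4.30.old" "$1/linux-2.4.30.dev"
    echo 'ip_nf_nat_objs := ip_nat_core.o ipt_NEWMODULE.o' > "$1/linux-2.4.30.dev/$NF/Makefile"
    echo '/* placeholder module */' > "$1/linux-2.4.30.dev/$NF/ipt_NEWMODULE.c"
    echo '/* placeholder header */' > "$1/linux-2.4.30.dev/$INC/ipt_NEWMODULE.h"
}

# make_patch DIR FILE: one recursive diff. -N treats files missing from .old
# as empty, which covers the new files like the /dev/null diffs do.
# Fails unless diff exits 1 (trees differ); 0 means empty patch, >1 an error.
make_patch() {
    rc=0
    (cd "$1" && diff -Nur linux-2.4.30.old linux-2.4.30.dev) > "$2" || rc=$?
    [ "$rc" -eq 1 ]
}

# patch_files FILE: files the patch touches, as patch -p1 would name them.
patch_files() {
    sed -n 's|^+++ [^/]*/\([^[:space:]]*\).*|\1|p' "$1" | LC_ALL=C sort
}

# check_patch DIR FILE (absolute path): apply to a scratch copy of .old and
# compare with .dev. Returns 0 on a clean round trip, 2 without patch(1).
check_patch() {
    command -v patch >/dev/null 2>&1 || return 2
    rm -rf "$1/scratch" && cp -R "$1/linux-2.4.30.old" "$1/scratch" &&
        (cd "$1/scratch" && patch -p1 -s < "$2") &&
        diff -r "$1/scratch" "$1/linux-2.4.30.dev" > /dev/null
}

# Demo run in a throwaway directory.
work=$(mktemp -d)
make_trees "$work" && make_patch "$work" "$work/130-netfilter_NEWMODULE.patch" &&
    patch_files "$work/130-netfilter_NEWMODULE.patch"
check_patch "$work" "$work/130-netfilter_NEWMODULE.patch" ||
    echo "round trip not verified (rc=$?)"
rm -rf "$work"
```

On the real trees, call make_patch and check_patch with the working directory from step 1 in place of the throwaway one.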
