From 75777ef3a1ef443bffc237265c58f55bbe45af35 Mon Sep 17 00:00:00 2001 From: ljs <17638439302@163.com> Date: Fri, 14 Feb 2025 14:29:55 +0800 Subject: [PATCH 3/3] feat: Kernel adds support for iptables NAT --- .../arch/arm64/configs/hi351xdv500_defconfig | 134 +++++++++++++++++- .../linux/linux-5.10.y/net/netfilter/Kconfig | 8 +- 2 files changed, 133 insertions(+), 9 deletions(-) diff --git a/open_source/linux/linux-5.10.y/arch/arm64/configs/hi351xdv500_defconfig b/open_source/linux/linux-5.10.y/arch/arm64/configs/hi351xdv500_defconfig index 48dd18352..d7340230f 100644 --- a/open_source/linux/linux-5.10.y/arch/arm64/configs/hi351xdv500_defconfig +++ b/open_source/linux/linux-5.10.y/arch/arm64/configs/hi351xdv500_defconfig @@ -36,8 +36,133 @@ CONFIG_PACKET=y CONFIG_UNIX=y CONFIG_INET=y CONFIG_IP_MULTICAST=y -# CONFIG_IPV6 is not set +CONFIG_IP_ADVANCED_ROUTER=y +CONFIG_IP_MULTIPLE_TABLES=y +CONFIG_NET_IPIP=y +CONFIG_NET_IPGRE_DEMUX=y +CONFIG_NET_IPGRE=y +CONFIG_NET_IPVTI=y +CONFIG_INET_ESP=y +CONFIG_INET_UDP_DIAG=y +CONFIG_INET_DIAG_DESTROY=y +CONFIG_IPV6_ROUTER_PREF=y +CONFIG_IPV6_OPTIMISTIC_DAD=y +CONFIG_INET6_ESP=y +CONFIG_INET6_IPCOMP=y +CONFIG_IPV6_MIP6=y +CONFIG_IPV6_VTI=y +CONFIG_IPV6_GRE=y +CONFIG_IPV6_MULTIPLE_TABLES=y +CONFIG_NETWORK_SECMARK=y CONFIG_NETFILTER=y +CONFIG_BRIDGE_NETFILTER=y +CONFIG_NF_CONNTRACK=y +CONFIG_NF_CONNTRACK_SECMARK=y +CONFIG_NF_CONNTRACK_EVENTS=y +CONFIG_NF_CONNTRACK_LABELS=y +CONFIG_NF_CONNTRACK_AMANDA=y +CONFIG_NF_CONNTRACK_FTP=y +CONFIG_NF_CONNTRACK_H323=y +CONFIG_NF_CONNTRACK_NETBIOS_NS=y +CONFIG_NF_CONNTRACK_PPTP=y +CONFIG_NF_CONNTRACK_SANE=y +CONFIG_NF_CONNTRACK_TFTP=y +CONFIG_NF_CT_NETLINK=y +CONFIG_NF_TABLES=y +CONFIG_NF_TABLES_INET=y +CONFIG_NF_FLOW_TABLE=y +CONFIG_NETFILTER_XT_TARGET_CLASSIFY=y +CONFIG_NETFILTER_XT_TARGET_CONNMARK=y +CONFIG_NETFILTER_XT_TARGET_LOG=y +CONFIG_NETFILTER_XT_TARGET_MARK=y +CONFIG_NETFILTER_XT_TARGET_NFLOG=y +CONFIG_NETFILTER_XT_TARGET_NFQUEUE=y +CONFIG_NETFILTER_XT_TARGET_TEE=y +CONFIG_NETFILTER_XT_TARGET_TPROXY=y +CONFIG_NETFILTER_XT_TARGET_TCPMSS=y +CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP=y +CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=y +CONFIG_NETFILTER_XT_MATCH_CONNTRACK=y +CONFIG_NETFILTER_XT_MATCH_ESP=y +CONFIG_NETFILTER_XT_MATCH_IPCOMP=y +CONFIG_NETFILTER_XT_MATCH_IPRANGE=y +CONFIG_NETFILTER_XT_MATCH_IPVS=y +CONFIG_NETFILTER_XT_MATCH_LIMIT=y +CONFIG_NETFILTER_XT_MATCH_MAC=y +CONFIG_NETFILTER_XT_MATCH_MARK=y +CONFIG_NETFILTER_XT_MATCH_MULTIPORT=y +CONFIG_NETFILTER_XT_MATCH_NFACCT=y +CONFIG_NETFILTER_XT_MATCH_OWNER=y +CONFIG_NETFILTER_XT_MATCH_POLICY=y +CONFIG_NETFILTER_XT_MATCH_PHYSDEV=y +CONFIG_NETFILTER_XT_MATCH_QUOTA=y +CONFIG_NETFILTER_XT_MATCH_SOCKET=y +CONFIG_NETFILTER_XT_MATCH_STATE=y +CONFIG_NETFILTER_XT_MATCH_STATISTIC=y +CONFIG_NETFILTER_XT_MATCH_STRING=y +CONFIG_NETFILTER_XT_MATCH_TIME=y +CONFIG_NETFILTER_XT_MATCH_U32=y +CONFIG_IP_SET=y +CONFIG_IP_VS=y +CONFIG_IP_NF_IPTABLES=y +CONFIG_IP_NF_MATCH_ECN=y +CONFIG_IP_NF_MATCH_TTL=y +CONFIG_IP_NF_FILTER=y +CONFIG_IP_NF_TARGET_REJECT=y +CONFIG_IP_NF_NAT=y +CONFIG_IP_NF_TARGET_MASQUERADE=y +CONFIG_IP_NF_TARGET_NETMAP=y +CONFIG_IP_NF_TARGET_REDIRECT=y +CONFIG_IP_NF_MANGLE=y +CONFIG_IP_NF_RAW=y +CONFIG_IP_NF_ARPTABLES=y +CONFIG_IP_NF_ARPFILTER=y +CONFIG_IP_NF_ARP_MANGLE=y +CONFIG_IP6_NF_IPTABLES=y +CONFIG_IP6_NF_MATCH_RPFILTER=y +CONFIG_IP6_NF_FILTER=y +CONFIG_IP6_NF_TARGET_REJECT=y +CONFIG_IP6_NF_MANGLE=y +CONFIG_IP6_NF_RAW=y +CONFIG_IP6_NF_NAT=y +CONFIG_IP6_NF_TARGET_MASQUERADE=y +CONFIG_IP6_NF_TARGET_NPT=y +CONFIG_NF_CONNTRACK_BRIDGE=y +CONFIG_BRIDGE_NF_EBTABLES=y +CONFIG_BRIDGE_EBT_SNAT=y +CONFIG_BRIDGE=y +CONFIG_6LOWPAN=y +CONFIG_IEEE802154=y +CONFIG_IEEE802154_6LOWPAN=y +CONFIG_MAC802154=y +CONFIG_NET_SCHED=y +CONFIG_NET_SCH_HTB=y +CONFIG_NET_SCH_PRIO=y +CONFIG_NET_SCH_MULTIQ=y +CONFIG_NET_SCH_RED=y +CONFIG_NET_SCH_SFB=y +CONFIG_NET_SCH_SFQ=y +CONFIG_NET_SCH_TBF=y +CONFIG_NET_SCH_NETEM=y +CONFIG_NET_SCH_CODEL=y +CONFIG_NET_SCH_FQ_CODEL=y +CONFIG_NET_SCH_FQ=y +CONFIG_NET_SCH_INGRESS=y +CONFIG_NET_CLS_BASIC=y +CONFIG_NET_CLS_FW=y +CONFIG_NET_CLS_U32=y +CONFIG_CLS_U32_MARK=y +CONFIG_NET_CLS_FLOW=y +CONFIG_NET_CLS_BPF=y +CONFIG_NET_CLS_MATCHALL=y +CONFIG_NET_EMATCH=y +CONFIG_NET_EMATCH_CMP=y +CONFIG_NET_EMATCH_NBYTE=y +CONFIG_NET_EMATCH_U32=y +CONFIG_NET_EMATCH_META=y +CONFIG_NET_EMATCH_TEXT=y +CONFIG_NET_EMATCH_IPSET=y +CONFIG_NET_CLS_ACT=y CONFIG_CAN=y CONFIG_CAN_MCP251X=y CONFIG_CFG80211=y @@ -118,6 +243,7 @@ CONFIG_GMAC_DDR_64BIT=y # CONFIG_NET_VENDOR_WIZNET is not set CONFIG_REALTEK_PHY=y CONFIG_MDIO_VENDOR_GEMAC=y +CONFIG_PPP=y CONFIG_USB_CATC=y CONFIG_USB_KAWETH=y CONFIG_USB_PEGASUS=y @@ -230,6 +356,8 @@ CONFIG_RESET_BSP=y # CONFIG_IOMMU_SUPPORT is not set CONFIG_PM_DEVFREQ=y CONFIG_DEVFREQ_GOV_SIMPLE_ONDEMAND=y +CONFIG_PWM=y +CONFIG_PWM_BSP=y CONFIG_VENDOR_USB_PHY=y CONFIG_USB_MODE_OPTION=y CONFIG_USB_DRD0_IN_DEVICE=y @@ -301,13 +429,9 @@ CONFIG_NLS_ISO8859_15=m CONFIG_NLS_KOI8_R=m CONFIG_NLS_KOI8_U=m CONFIG_NLS_UTF8=y -CONFIG_CRYPTO_SEQIV=m -CONFIG_CRYPTO_ECHAINIV=m CONFIG_CRYPTO_ECB=y -CONFIG_CRYPTO_DEFLATE=y CONFIG_CRYPTO_LZO=y CONFIG_CRYPTO_ZSTD=y -CONFIG_CRC_CCITT=y CONFIG_DMA_CMA=y CONFIG_CMA_SIZE_MBYTES=4 CONFIG_MAGIC_SYSRQ=y diff --git a/open_source/linux/linux-5.10.y/net/netfilter/Kconfig b/open_source/linux/linux-5.10.y/net/netfilter/Kconfig index 8bf70ce03..b700decc6 100644 --- a/open_source/linux/linux-5.10.y/net/netfilter/Kconfig +++ b/open_source/linux/linux-5.10.y/net/netfilter/Kconfig @@ -403,17 +403,17 @@ config NF_NAT controlled by iptables, ip6tables or nft. config NF_NAT_AMANDA - tristate + tristate "NF_NAT_AMANDA" depends on NF_CONNTRACK && NF_NAT default NF_NAT && NF_CONNTRACK_AMANDA config NF_NAT_FTP - tristate + tristate "NF_NAT_FTP" depends on NF_CONNTRACK && NF_NAT default NF_NAT && NF_CONNTRACK_FTP config NF_NAT_IRC - tristate + tristate "NF_NAT_IRC" depends on NF_CONNTRACK && NF_NAT default NF_NAT && NF_CONNTRACK_IRC @@ -431,7 +431,7 @@ config NF_NAT_REDIRECT bool config NF_NAT_MASQUERADE - bool + tristate "MASQUERADE support" config NETFILTER_SYNPROXY tristate -- 2.25.1