[OpenWrt-Devel] kernel: nf-nathelper-extra depends on ipt-raw

Message ID mailman.2992.1536327858.2371.openwrt-devel@lists.openwrt.org
State New
Headers show
Series
  • [OpenWrt-Devel] kernel: nf-nathelper-extra depends on ipt-raw
Related show

Commit Message

Steven Honson via openwrt-devel Sept. 7, 2018, 1:44 p.m.
The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.

To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.
As automatic helper assignment is disabled in recent Linux kernels,
explicit rules must be added to the raw table for each helper.

While commit f50a524 in the firewall3 project added a set of default
rules and other additional related functionality, both this and the
alternative manual methods of defining these rules require kmod-ipt-raw.

Signed-off-by: Steven Honson <steven@honson.id.au>
---
 package/kernel/linux/modules/netfilter.mk | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

—
2.18.0

Comments

Hans Dedecker Sept. 7, 2018, 2:26 p.m. | #1
Hi,
On Fri, Sep 7, 2018 at 3:44 PM Steven Honson via openwrt-devel
<openwrt-devel@lists.openwrt.org> wrote:
>
> The sender domain has a DMARC Reject/Quarantine policy which disallows
> sending mailing list messages using the original "From" header.
>
> To mitigate this problem, the original message has been wrapped
> automatically by the mailing list software.
>
>
> ---------- Forwarded message ----------
> From: Steven Honson <steven@honson.id.au>
> To: openwrt-devel@lists.openwrt.org
> Cc:
> Bcc:
> Date: Fri, 7 Sep 2018 23:40:57 +1000
> Subject: [PATCH] kernel: nf-nathelper-extra depends on ipt-raw
> As automatic helper assignment is disabled in recent Linux kernels,
> explicit rules must be added to the raw table for each helper.
>
> While commit f50a524 in the firewall3 project added a set of default
> rules and other additional related functionality, both this and the
> alternative manual methods of defining these rules require kmod-ipt-raw.
Does commit https://git.openwrt.org/?p=openwrt/openwrt.git;a=commit;h=e5f56c07d7fab9a6f2201f4100b593349b8ef67d
not already fix this problem ?

Hans
>
> Signed-off-by: Steven Honson <steven@honson.id.au>
> ---
>  package/kernel/linux/modules/netfilter.mk | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/package/kernel/linux/modules/netfilter.mk b/package/kernel/linux/modules/netfilter.mk
> index 6d751cc658..3dc408b8d2 100644
> --- a/package/kernel/linux/modules/netfilter.mk
> +++ b/package/kernel/linux/modules/netfilter.mk
> @@ -447,7 +447,7 @@ define KernelPackage/nf-nathelper-extra
>    KCONFIG:=$(KCONFIG_NF_NATHELPER_EXTRA)
>    FILES:=$(foreach mod,$(NF_NATHELPER_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
>    AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NATHELPER_EXTRA-m)))
> -  DEPENDS:=+kmod-nf-nat +kmod-lib-textsearch
> +  DEPENDS:=+kmod-nf-nat +kmod-lib-textsearch +kmod-ipt-raw
>  endef
>
>  define KernelPackage/nf-nathelper-extra/description
> —
> 2.18.0
>
>
> _______________________________________________
> openwrt-devel mailing list
> openwrt-devel@lists.openwrt.org
> https://lists.openwrt.org/mailman/listinfo/openwrt-devel
Steven Honson via openwrt-devel Sept. 7, 2018, 2:33 p.m. | #2
The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.

To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.
Hi Hans,

I don’t believe so, as the set of patches I have submitted are for the NAT Helpers, rather than Connection Tracking extensions, which is what e5f56c0 appears to target.

Apologies for the need for a V2 for the nf-nathelper patch, I managed to somehow get a typo in the sign off line of the original patch!

Steven

> On 8 Sep 2018, at 12:26 am, Hans Dedecker <dedeckeh@gmail.com> wrote:
> 
> Hi,
> On Fri, Sep 7, 2018 at 3:44 PM Steven Honson via openwrt-devel
> <openwrt-devel@lists.openwrt.org> wrote:
>> 
>> The sender domain has a DMARC Reject/Quarantine policy which disallows
>> sending mailing list messages using the original "From" header.
>> 
>> To mitigate this problem, the original message has been wrapped
>> automatically by the mailing list software.
>> 
>> 
>> ---------- Forwarded message ----------
>> From: Steven Honson <steven@honson.id.au>
>> To: openwrt-devel@lists.openwrt.org
>> Cc:
>> Bcc:
>> Date: Fri, 7 Sep 2018 23:40:57 +1000
>> Subject: [PATCH] kernel: nf-nathelper-extra depends on ipt-raw
>> As automatic helper assignment is disabled in recent Linux kernels,
>> explicit rules must be added to the raw table for each helper.
>> 
>> While commit f50a524 in the firewall3 project added a set of default
>> rules and other additional related functionality, both this and the
>> alternative manual methods of defining these rules require kmod-ipt-raw.
> Does commit https://git.openwrt.org/?p=openwrt/openwrt.git;a=commit;h=e5f56c07d7fab9a6f2201f4100b593349b8ef67d
> not already fix this problem ?
> 
> Hans
>> 
>> Signed-off-by: Steven Honson <steven@honson.id.au>
>> ---
>> package/kernel/linux/modules/netfilter.mk | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
>> 
>> diff --git a/package/kernel/linux/modules/netfilter.mk b/package/kernel/linux/modules/netfilter.mk
>> index 6d751cc658..3dc408b8d2 100644
>> --- a/package/kernel/linux/modules/netfilter.mk
>> +++ b/package/kernel/linux/modules/netfilter.mk
>> @@ -447,7 +447,7 @@ define KernelPackage/nf-nathelper-extra
>>   KCONFIG:=$(KCONFIG_NF_NATHELPER_EXTRA)
>>   FILES:=$(foreach mod,$(NF_NATHELPER_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
>>   AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NATHELPER_EXTRA-m)))
>> -  DEPENDS:=+kmod-nf-nat +kmod-lib-textsearch
>> +  DEPENDS:=+kmod-nf-nat +kmod-lib-textsearch +kmod-ipt-raw
>> endef
>> 
>> define KernelPackage/nf-nathelper-extra/description
>> —
>> 2.18.0
>> 
>> 
>> _______________________________________________
>> openwrt-devel mailing list
>> openwrt-devel@lists.openwrt.org
>> https://lists.openwrt.org/mailman/listinfo/openwrt-devel

Patch

diff --git a/package/kernel/linux/modules/netfilter.mk b/package/kernel/linux/modules/netfilter.mk
index 6d751cc658..3dc408b8d2 100644
--- a/package/kernel/linux/modules/netfilter.mk
+++ b/package/kernel/linux/modules/netfilter.mk
@@ -447,7 +447,7 @@  define KernelPackage/nf-nathelper-extra
   KCONFIG:=$(KCONFIG_NF_NATHELPER_EXTRA)
   FILES:=$(foreach mod,$(NF_NATHELPER_EXTRA-m),$(LINUX_DIR)/net/$(mod).ko)
   AUTOLOAD:=$(call AutoProbe,$(notdir $(NF_NATHELPER_EXTRA-m)))
-  DEPENDS:=+kmod-nf-nat +kmod-lib-textsearch
+  DEPENDS:=+kmod-nf-nat +kmod-lib-textsearch +kmod-ipt-raw
 endef

 define KernelPackage/nf-nathelper-extra/description