Browse Source

jool: remove iptables support and update templates

This commit removes iptables backend support and leaves only the
netfilter backend support. This means that:
-  iptables and nftables firewall based systems (firewall3 and firewall
4) are supported trough the netfilter instance mode
-  the iptables/xtables mode support is disabled

For more information on the modes and how to use the new netfilter
instance checkout https://www.jool.mx/en/intro-jool.html

This move is made out of the commit upstream that sets firewall4 as the
default for new default buils and based on the conversation in #16818
and was decided that the netfilter interface is the priority since
iptables support will be dropped in the foreseeable future.

While at it update the templates provided.

Signed-off-by: Tiago Gaspar <tiagogaspar8@gmail.com>
lilik-openwrt-22.03
Tiago Gaspar 3 years ago
committed by Rosen Penev
parent
commit
28ac3a6997
4 changed files with 107 additions and 88 deletions
  1. +56
    -56
      net/jool/Makefile
  2. +21
    -22
      net/jool/files/jool-nat64.conf.json
  3. +9
    -10
      net/jool/files/jool-siit.conf.json
  4. +21
    -0
      net/jool/patches/001-libtool-reduce-version.patch

+ 56
- 56
net/jool/Makefile View File

@ -8,21 +8,26 @@ include $(TOPDIR)/rules.mk
include $(INCLUDE_DIR)/kernel.mk include $(INCLUDE_DIR)/kernel.mk
PKG_NAME:=jool PKG_NAME:=jool
PKG_VERSION:=4.1.6
PKG_VERSION:=2022-01-20
PKG_RELEASE:=$(AUTORELEASE) PKG_RELEASE:=$(AUTORELEASE)
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://github.com/NICMx/Jool/releases/download/v$(PKG_VERSION)
PKG_HASH:=dccfde88e3b97a7d1c44c53b6541b74873a04f50bb8cfd187eb399d5ae8d2c81
PKG_MAINTAINER:=
PKG_LICENSE:=GPL-2.0-only PKG_LICENSE:=GPL-2.0-only
PKG_LICENSE_FILES:=COPYING PKG_LICENSE_FILES:=COPYING
PKG_INSTALL:=1
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://github.com/NICMx/Jool.git
PKG_SOURCE_VERSION:=04ef98dd6c7528fc25f68bef304fb74c59cb7083
PKG_MIRROR_HASH:=f17551f8ab80a75b6d7f4b5d9208013a4a8101298b80ae9adaa2892db30ac385
PKG_BUILD_DIR=$(KERNEL_BUILD_DIR)/$(PKG_SOURCE_SUBDIR)
PKG_BUILD_PARALLEL:=1 PKG_BUILD_PARALLEL:=1
PKG_BUILD_DEPENDS:=!USE_GLIBC:argp-standalone PKG_BUILD_DEPENDS:=!USE_GLIBC:argp-standalone
PKG_FIXUP:=autoreconf
MAKE_PATH:=src/usr
CONFIGURE_PATH:=src/usr
include $(INCLUDE_DIR)/package.mk include $(INCLUDE_DIR)/package.mk
define Build/Compile define Build/Compile
@ -32,12 +37,14 @@ define Build/Compile
CROSS_COMPILE="$(TARGET_CROSS)" \ CROSS_COMPILE="$(TARGET_CROSS)" \
M="$(PKG_BUILD_DIR)/src/mod/common" \ M="$(PKG_BUILD_DIR)/src/mod/common" \
V="$(V)" \ V="$(V)" \
CFLAGS_MODULE=$(NOXTABLES) \
modules modules
$(MAKE) -C "$(LINUX_DIR)" \ $(MAKE) -C "$(LINUX_DIR)" \
KERNEL_DIR="$(LINUX_DIR)" \ KERNEL_DIR="$(LINUX_DIR)" \
ARCH="$(LINUX_KARCH)" \ ARCH="$(LINUX_KARCH)" \
CROSS_COMPILE="$(TARGET_CROSS)" \ CROSS_COMPILE="$(TARGET_CROSS)" \
M="$(PKG_BUILD_DIR)/src/mod/nat64" \ M="$(PKG_BUILD_DIR)/src/mod/nat64" \
CFLAGS_MODULE=$(NOXTABLES) \
V="$(V)" \ V="$(V)" \
modules modules
$(MAKE) -C "$(LINUX_DIR)" \ $(MAKE) -C "$(LINUX_DIR)" \
@ -45,11 +52,17 @@ define Build/Compile
ARCH="$(LINUX_KARCH)" \ ARCH="$(LINUX_KARCH)" \
CROSS_COMPILE="$(TARGET_CROSS)" \ CROSS_COMPILE="$(TARGET_CROSS)" \
M="$(PKG_BUILD_DIR)/src/mod/siit" \ M="$(PKG_BUILD_DIR)/src/mod/siit" \
CFLAGS_MODULE=$(NOXTABLES) \
V="$(V)" \ V="$(V)" \
modules modules
$(call Build/Compile/Default) $(call Build/Compile/Default)
endef endef
define Build/Configure
(cd $(PKG_BUILD_DIR); ./autogen.sh );
$(call Build/Configure/Default, --with-xtables=no)
endef
define Package/jool/Default define Package/jool/Default
SECTION:=net SECTION:=net
@ -62,72 +75,59 @@ define Package/jool/Default/description
endef endef
define KernelPackage/jool
SECTION:=kernel
CATEGORY:=Kernel modules
SUBMENU:=Network Support
TITLE:=Jool kernel module
DEPENDS:= \
@IPV6 \
+kmod-crypto-md5 \
+kmod-nf-conntrack \
+kmod-nf-conntrack6 \
+kmod-nf-ipt
FILES:= \
$(PKG_BUILD_DIR)/src/mod/common/jool_common.$(LINUX_KMOD_SUFFIX) \
$(PKG_BUILD_DIR)/src/mod/nat64/jool.$(LINUX_KMOD_SUFFIX) \
$(PKG_BUILD_DIR)/src/mod/siit/jool_siit.$(LINUX_KMOD_SUFFIX)
JOOL_AUTOLOAD:= \
jool \
jool_siit
AUTOLOAD:=$(call AutoLoad,46,jool_common)
AUTOLOAD:=$(call AutoLoad,48,$(JOOL_AUTOLOAD))
define KernelPackage/jool-netfilter
SECTION:=kernel
CATEGORY:=Kernel modules
SUBMENU:=Network Support
TITLE:=Jool kernel module
DEPENDS:= \
@IPV6 \
+kmod-crypto-md5 \
+kmod-nf-conntrack \
+kmod-nf-conntrack6
FILES:= \
$(PKG_BUILD_DIR)/src/mod/common/jool_common.$(LINUX_KMOD_SUFFIX) \
$(PKG_BUILD_DIR)/src/mod/nat64/jool.$(LINUX_KMOD_SUFFIX) \
$(PKG_BUILD_DIR)/src/mod/siit/jool_siit.$(LINUX_KMOD_SUFFIX)
AUTOLOAD:=$(call AutoLoad,48,$(JOOL_AUTOLOAD))
endef endef
define KernelPackage/jool/description
define KernelPackage/jool-netfilter/description
$(call Package/jool/Default/description) $(call Package/jool/Default/description)
This package provides the kernel module for Jool.
This package provides the kernel module for Jool with netfilter API Only.
endef endef
define Package/jool-tools
define Package/jool-tools-netfilter
$(call Package/jool/Default) $(call Package/jool/Default)
TITLE:=Jool userspace control programs TITLE:=Jool userspace control programs
DEPENDS:=+kmod-jool +libnl +libxtables
DEPENDS:=+libnl +kmod-jool-netfilter
endef endef
define Package/jool-tools/description
define Package/jool-tools-netfilter/description
$(call Package/jool/Default/description) $(call Package/jool/Default/description)
This package provides the userspace control programs for Jool. This package provides the userspace control programs for Jool.
endef endef
CONFIGURE_ARGS += \
--disable-shared \
--without-bash-completion-dir
CONFIGURE_VARS += \
ac_cv_func_memset=yes \
ac_cv_func_strcasecmp=yes
JOOL_AUTOLOAD:= \ JOOL_AUTOLOAD:= \
jool_common \
jool \ jool \
jool_siit jool_siit
define Package/jool-tools/install
$(INSTALL_DIR) $(1)/usr/bin/
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/jool $(1)/usr/bin/
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/joold $(1)/usr/bin/
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/jool_siit $(1)/usr/bin/
NOXTABLES:=-DXTABLES_DISABLED
$(INSTALL_DIR) $(1)/usr/lib/iptables
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/iptables/libxt_JOOL_SIIT.so \
$(1)/usr/lib/iptables
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/iptables/libxt_JOOL.so \
$(1)/usr/lib/iptables
define Package/jool-tools-netfilter/conffiles
/etc/config/jool
/etc/jool/jool-nat64.conf.json
/etc/jool/jool-siit.conf.json
endef
define Package/jool-tools-netfilter/install
$(INSTALL_DIR) $(1)/usr/bin/
$(INSTALL_BIN) $(PKG_BUILD_DIR)/src/usr/nat64/jool $(1)/usr/bin/
$(INSTALL_BIN) $(PKG_BUILD_DIR)/src/usr/joold/joold $(1)/usr/bin/
$(INSTALL_BIN) $(PKG_BUILD_DIR)/src/usr/siit/jool_siit $(1)/usr/bin/
$(INSTALL_DIR) $(1)/etc/config $(INSTALL_DIR) $(1)/etc/config
$(INSTALL_CONF) ./files/jool.config $(1)/etc/config/jool $(INSTALL_CONF) ./files/jool.config $(1)/etc/config/jool
@ -136,10 +136,10 @@ define Package/jool-tools/install
$(INSTALL_BIN) ./files/jool.init $(1)/etc/init.d/jool $(INSTALL_BIN) ./files/jool.init $(1)/etc/init.d/jool
$(INSTALL_DIR) $(1)/etc/jool $(INSTALL_DIR) $(1)/etc/jool
$(INSTALL_DATA) ./files/jool-nat64.conf.json $(1)/etc/jool/jool-nat64.conf.json.default
$(INSTALL_DATA) ./files/jool-siit.conf.json $(1)/etc/jool/jool-siit.conf.json.default
$(INSTALL_CONF) ./files/jool-nat64.conf.json $(1)/etc/jool/jool-nat64.conf.json
$(INSTALL_CONF) ./files/jool-siit.conf.json $(1)/etc/jool/jool-siit.conf.json
$(INSTALL_DATA) ./files/readme.md $(1)/etc/jool/readme.md $(INSTALL_DATA) ./files/readme.md $(1)/etc/jool/readme.md
endef endef
$(eval $(call KernelPackage,jool))
$(eval $(call BuildPackage,jool-tools))
$(eval $(call KernelPackage,jool-netfilter))
$(eval $(call BuildPackage,jool-tools-netfilter))

+ 21
- 22
net/jool/files/jool-nat64.conf.json View File

@ -1,8 +1,7 @@
{ {
"comment": "Sample full NAT64 configuration.", "comment": "Sample full NAT64 configuration.",
"comment": "Configuration details at https://jool.mx/en/usr-flags-global.html",
"instance": "default",
"instance": "instance name",
"framework": "netfilter", "framework": "netfilter",
"global": { "global": {
@ -10,32 +9,32 @@
"manually-enabled": false, "manually-enabled": false,
"zeroize-traffic-class": false,
"zeroize-traffic-class": true,
"override-tos": false, "override-tos": false,
"tos": 0,
"mtu-plateaus": [65535, 32000, 17914, 8166, 4352, 2002, 1492, 1006, 508, 296, 68],
"maximum-simultaneous-opens": 10,
"tos": 254,
"mtu-plateaus": [1, 2, 3, 4, 5, 6],
"maximum-simultaneous-opens": 16,
"source-icmpv6-errors-better": true, "source-icmpv6-errors-better": true,
"handle-rst-during-fin-rcv": false,
"f-args": 11,
"handle-rst-during-fin-rcv": true,
"f-args": 10,
"logging-bib": false,
"logging-session": false,
"logging-bib": true,
"logging-session": true,
"address-dependent-filtering": false,
"drop-icmpv6-info": false,
"drop-externally-initiated-tcp": false,
"address-dependent-filtering": true,
"drop-icmpv6-info": true,
"drop-externally-initiated-tcp": true,
"udp-timeout": "5:00",
"tcp-est-timeout": "2:00:00",
"tcp-trans-timeout": "4:00",
"icmp-timeout": "1:00",
"udp-timeout": "1:00:00",
"tcp-est-timeout": "10:00:00",
"tcp-trans-timeout": "5:00",
"icmp-timeout": "5:30",
"ss-enabled": false,
"ss-flush-asap": true,
"ss-flush-deadline": 2000,
"ss-capacity": 512,
"ss-max-payload": 1452
"ss-enabled": true,
"ss-flush-asap": false,
"ss-flush-deadline": 1000,
"ss-capacity": 256,
"ss-max-payload": 600
}, },
"pool4": [ "pool4": [


+ 9
- 10
net/jool/files/jool-siit.conf.json View File

@ -1,6 +1,5 @@
{ {
"comment": "Sample full SIIT configuration.", "comment": "Sample full SIIT configuration.",
"comment": "Configuration details at https://jool.mx/en/usr-flags-global.html",
"instance": "instance name", "instance": "instance name",
"framework": "netfilter", "framework": "netfilter",
@ -8,14 +7,14 @@
"global": { "global": {
"comment": "pool6 and the RFC6791v4 pool belong here, ever since Jool 4.", "comment": "pool6 and the RFC6791v4 pool belong here, ever since Jool 4.",
"pool6": "64:ff9b::/96", "pool6": "64:ff9b::/96",
"manually-enabled": true,
"zeroize-traffic-class": false,
"manually-enabled": false,
"zeroize-traffic-class": true,
"override-tos": false, "override-tos": false,
"tos": 0,
"mtu-plateaus": [65535, 32000, 17914, 8166, 4352, 2002, 1492, 1006, 508, 296, 68],
"amend-udp-checksum-zero": false,
"eam-hairpin-mode": "intrinsic",
"randomize-rfc6791-addresses": true,
"tos": 254,
"mtu-plateaus": [1, 2, 3, 4, 5, 6],
"amend-udp-checksum-zero": true,
"eam-hairpin-mode": "simple",
"randomize-rfc6791-addresses": false,
"rfc6791v6-prefix": null, "rfc6791v6-prefix": null,
"rfc6791v4-prefix": null "rfc6791v4-prefix": null
}, },
@ -39,8 +38,8 @@
} }
], ],
"comment": "This comment is relevant to blacklist4 maybe.",
"blacklist4": [
"comment": "This comment is relevant to denylist4 maybe.",
"denylist4": [
"198.51.100.0", "198.51.100.0",
"198.51.100.2/32", "198.51.100.2/32",
"198.51.100.32/27" "198.51.100.32/27"


+ 21
- 0
net/jool/patches/001-libtool-reduce-version.patch View File

@ -0,0 +1,21 @@
From: Tiago Gaspar <tiagogaspar8@gmail.com>
Date: Fri, 21 Jan 2022 13:39:30 +0000
Subject: [PATCH] libtool: Reduce the required version
Current Openwrt's libtool verion is 2.4.2, yet, jool had the requirement
set to 2.4.6 in source.
Change that to Openwrt's version.
Signed-off-by: Tiago Gaspar <tiagogaspar8@gmail.com>
--- a/configure.ac
+++ b/configure.ac
@@ -5,7 +5,7 @@ AC_PREREQ([2.68])
AC_INIT([Jool], [4.1.6], [jool@nic.mx])
AC_CONFIG_SRCDIR([src/common/xlat.h])
AM_INIT_AUTOMAKE([subdir-objects])
-LT_PREREQ([2.4.6])
+LT_PREREQ([2.4.2])
# Checks for programs.
AC_PROG_CC

Loading…
Cancel
Save