mirror of
https://github.com/Telecominfraproject/wlan-ap.git
synced 2025-10-29 17:42:41 +00:00
Compare commits
7 Commits
staging-WI
...
staging-WI
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
216f8cece2 | ||
|
|
1a3955554a | ||
|
|
427ad99151 | ||
|
|
02ed19e3ac | ||
|
|
60968f8c89 | ||
|
|
207a592896 | ||
|
|
1bae90f681 |
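--- a/feeds/ucentral/natlog/Makefile
+++ b/feeds/ucentral/natlog/Makefile
@@ -0,0 +1,39 @@
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=natlog
+PKG_VERSION:=1.0
+PKG_RELEASE:=1
+
+PKG_MAINTAINER:=kmk
+
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
+
+include $(INCLUDE_DIR)/kernel.mk
+include $(INCLUDE_DIR)/package.mk
+
+# Define dependencies
+define KernelPackage/natlog
+SUBMENU:=Netfilter Extensions
+TITLE:=NFLOG NAT translation logger
+FILES:=$(PKG_BUILD_DIR)/natlog.ko
+DEPENDS:=+kmod-nf-conntrack +kmod-nf-ipt
+endef
+
+define KernelPackage/natlog/description
+Kernel module for logging NAT translations via NFLOG.
+endef
+
+define Build/Prepare
+mkdir -p $(PKG_BUILD_DIR)
+$(CP) ./src/* $(PKG_BUILD_DIR)/
+endef
+
+define Build/Compile
+$(KERNEL_MAKE) M="$(PKG_BUILD_DIR)" modules
+endef
+
+define KernelPackage/natlog/install
+$(CP) ./files/* $(1)/
+endef
+
+$(eval $(call KernelPackage,natlog))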
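Review bot: `TITLE:=NFLOG NAT translation logger` and the description line both say the module logs via NFLOG, but natlog.c in this same change emits its records with `printk(KERN_INFO ...)` and never calls an nf_log or NFLOG interface. Whoever enables the package should be told that client MAC and IP pairs land in the kernel ring buffer, which is volatile and can be overwritten. I would change the two lines to `TITLE:=NAT translation logger (kernel log)` and `Kernel module for logging SNAT translations to the kernel log.`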
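--- a/feeds/ucentral/natlog/files/etc/config/natlog
+++ b/feeds/ucentral/natlog/files/etc/config/natlog
@@ -0,0 +1,2 @@
+# config defaults
+# option enabled '1'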
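--- a/feeds/ucentral/natlog/files/etc/init.d/natlog
+++ b/feeds/ucentral/natlog/files/etc/init.d/natlog
@@ -0,0 +1,35 @@
+#!/bin/sh /etc/rc.common
+# OpenWrt init script for natlog kernel module
+
+START=15
+STOP=90
+
+USE_PROCD=1
+
+modfile="/lib/modules/$(uname -r)/natlog.ko"
+
+start_service() {
+enabled=$(uci get natlog.@defaults[0].enabled 2>/dev/null)
+
+if [ "$enabled" = "1" ]; then
+if [ -f "$modfile" ]; then
+echo "Loading natlog kernel module..."
+insmod "$modfile" || {
+echo "Failed to load $modfile"
+return 1
+}
+else
+echo "Kernel module not found: $modfile"
+return 1
+fi
+else
+echo "natlog disabled in UCI config"
+fi
+}
+
+stop_service() {
+if lsmod | grep -q "^natlog"; then
+echo "Unloading natlog kernel module..."
+rmmod natlog
+fi
+}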
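Review bot: `stop_service` tests `lsmod | grep -q "^natlog"`, which matches any module whose name merely begins with natlog, and `start_service` runs `insmod` without checking whether the module is already loaded, so a second start fails with return 1. Anchoring the match as `grep -q "^natlog " /proc/modules` and using the same test as a guard before `insmod` would make both paths idempotent. The shipped /etc/config/natlog has its `config defaults` section commented out, so `uci get natlog.@defaults[0].enabled` yields nothing and the module stays unloaded until an operator adds the section. If default-off is the intent, a comment saying so at the top of `start_service` would make that explicit.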
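--- a/feeds/ucentral/natlog/src/Makefile
+++ b/feeds/ucentral/natlog/src/Makefile
@@ -0,0 +1 @@
+obj-m += natlog.o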
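--- a/feeds/ucentral/natlog/src/natlog.c
+++ b/feeds/ucentral/natlog/src/natlog.c
@@ -0,0 +1,118 @@
+#include <linux/module.h>
+#include <linux/kernel.h>
+#include <linux/init.h>
+#include <linux/netfilter.h>
+#include <linux/netfilter_ipv4.h>
+#include <linux/skbuff.h>
+#include <linux/ip.h>
+#include <linux/tcp.h>
+#include <linux/udp.h>
+#include <linux/netfilter/nfnetlink.h>
+#include <net/netfilter/nf_conntrack.h>
+#include <net/netfilter/nf_log.h>
+#include <linux/etherdevice.h>
+
+MODULE_LICENSE("GPL");
+MODULE_AUTHOR("KMK");
+MODULE_DESCRIPTION("Kernel module to log client request SNAT and server response DNAT using nf_conntrack");
+
+static struct nf_hook_ops nat_hook_ops_pre;
+static struct nf_hook_ops nat_hook_ops_post;
+
+static void log_nat_info(struct nf_conn *ct, struct sk_buff *skb, unsigned int hooknum)
+{
+struct nf_conntrack_tuple *orig_tuple, *reply_tuple;
+char *proto_name;
+__u16 sport, dport, nat_sport, nat_dport;
+__u32 saddr, daddr, nat_saddr, nat_daddr;
+unsigned char *mac_addr;
+char mac_str[18];
+
+if (!ct)
+return;
+
+orig_tuple = &ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple;
+reply_tuple = &ct->tuplehash[IP_CT_DIR_REPLY].tuple;
+
+switch (orig_tuple->dst.protonum) {
+case IPPROTO_TCP:
+proto_name = "TCP";
+break;
+case IPPROTO_UDP:
+proto_name = "UDP";
+break;
+default:
+return;
+}
+
+saddr = orig_tuple->src.u3.ip;
+daddr = orig_tuple->dst.u3.ip;
+sport = ntohs(orig_tuple->src.u.all);
+dport = ntohs(orig_tuple->dst.u.all);
+
+nat_saddr = reply_tuple->dst.u3.ip;
+nat_daddr = reply_tuple->src.u3.ip;
+nat_sport = ntohs(reply_tuple->dst.u.all);
+nat_dport = ntohs(reply_tuple->src.u.all);
+
+if (hooknum == NF_INET_POST_ROUTING && (ct->status & IPS_SRC_NAT)) {
+if (!skb_mac_header_was_set(skb))
+return;
+mac_addr = skb_mac_header(skb);
+snprintf(mac_str, sizeof(mac_str), "%02x:%02x:%02x:%02x:%02x:%02x",
+mac_addr[6], mac_addr[7], mac_addr[8], mac_addr[9], mac_addr[10], mac_addr[11]);
+printk(KERN_INFO "NAT_LOG: %s SRC MAC: %s; Original: %pI4:%u -> %pI4:%u, NAT: %pI4:%u -> %pI4:%u\n",
+proto_name, mac_str,
+&saddr, sport, &daddr, dport,
+&nat_saddr, nat_sport, &daddr, dport);
+}
+}
+
+static unsigned int nat_hook_func(void *priv,
+struct sk_buff *skb,
+const struct nf_hook_state *state)
+{
+struct nf_conn *ct;
+enum ip_conntrack_info ct_info;
+
+ct = nf_ct_get(skb, &ct_info);
+if (!ct) {
+printk(KERN_DEBUG "NAT_LOG: No conntrack info for packet\n");
+return NF_ACCEPT;
+}
+
+if (ct->status & IPS_NAT_MASK) {
+log_nat_info(ct, skb, state->hook);
+}
+
+return NF_ACCEPT;
+}
+
+static int __init nat_logger_init(void)
+{
+int ret;
+
+nat_hook_ops_post.hook = nat_hook_func;
+nat_hook_ops_post.pf = PF_INET;
+nat_hook_ops_post.hooknum = NF_INET_POST_ROUTING;
+nat_hook_ops_post.priority = NF_IP_PRI_NAT_SRC;
+
+ret = nf_register_net_hook(&init_net, &nat_hook_ops_post);
+if (ret) {
+printk(KERN_ERR "NAT_LOG: Failed to register POST_ROUTING hook: %d\n", ret);
+nf_unregister_net_hook(&init_net, &nat_hook_ops_post);
+return ret;
+}
+
+printk(KERN_INFO "NAT_LOG: Module loaded successfully\n");
+return 0;
+}
+
+static void __exit nat_logger_exit(void)
+{
+nf_unregister_net_hook(&init_net, &nat_hook_ops_post);
+printk(KERN_INFO "NAT_LOG: Module unloaded\n");
+}
+
+module_init(nat_logger_init);
+module_exit(nat_logger_exit);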
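Review bot: In log_nat_info() the source MAC is read as `mac_addr[6]` through `mac_addr[11]` after checking only `skb_mac_header_was_set(skb)`, which shows that an offset was recorded, not that a full 14-byte Ethernet header sits behind it; for a packet that did not arrive over Ethernet those bytes can be unrelated data. Checking `skb_mac_header_len(skb) >= ETH_HLEN` and printing `eth_hdr(skb)->h_source` with `%pM` removes both the raw indexing and the `mac_str` buffer. The same branch calls `printk(KERN_INFO ...)` once per SNATed packet rather than once per connection, so sustained client traffic can fill the kernel log ring and push out other messages. The fence below bounds that with `net_ratelimit()`; if complete records are required, a per-connection trigger is the alternative. Separately, the failure path in nat_logger_init() calls `nf_unregister_net_hook()` on a hook that was never registered and should simply `return ret;`.

```c
	if (hooknum == NF_INET_POST_ROUTING && (ct->status & IPS_SRC_NAT)) {
		/* an offset being set does not guarantee a full Ethernet header */
		if (!skb_mac_header_was_set(skb) ||
		    skb_mac_header_len(skb) < ETH_HLEN)
			return;
		/* this hook runs per packet: bound the log volume */
		if (!net_ratelimit())
			return;
		printk(KERN_INFO "NAT_LOG: %s SRC MAC: %pM; Original: %pI4:%u -> %pI4:%u, NAT: %pI4:%u -> %pI4:%u\n",
		       proto_name, eth_hdr(skb)->h_source,
		       &saddr, sport, &daddr, dport,
		       &nat_saddr, nat_sport, &daddr, dport);
	}
```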
@@ -1,5 +1,5 @@
|
||||
{
|
||||
"major": 4,
|
||||
"minor": 1,
|
||||
"patch": 0
|
||||
"patch": 1
|
||||
}
|
||||
|
||||
@@ -275,23 +275,27 @@ handlers = {
|
||||
},
|
||||
|
||||
vlan_add: function(notify) {
|
||||
let vlan_id = `${notify.data.vlan_id}`;
|
||||
vlan_refcount[vlan_id] = (vlan_refcount[vlan_id] || 0) + 1;
|
||||
|
||||
if (vlan_refcount[vlan_id] > 1) {
|
||||
return;
|
||||
}
|
||||
|
||||
if (config.config.swconfig)
|
||||
return handlers.vlan_add_swconfig(notify);
|
||||
|
||||
for (let wan in wan_ports) {
|
||||
let msg = {
|
||||
name: wan,
|
||||
vlan: [ `${notify.data.vlan_id}:t` ]
|
||||
};
|
||||
ubus.call('network.interface.up_none', 'add_device', msg);
|
||||
ubus.call('udevstats', 'add_device', { device: wan, vlan: +notify.data.vlan_id });
|
||||
let vlan_id = `${notify.data.vlan_id}`;
|
||||
vlan_refcount[vlan_id] = (vlan_refcount[vlan_id] || 0) + 1;
|
||||
|
||||
let parts = split(notify.data.ifname, '-v');
|
||||
let is_wifi_iface = (length(parts) == 2 && wildcard(parts[0], 'wlan*'));
|
||||
|
||||
if (vlan_refcount[vlan_id] > 1 && !is_wifi_iface)
|
||||
return;
|
||||
|
||||
if (vlan_refcount[vlan_id] == 1) {
|
||||
for (let wan in wan_ports) {
|
||||
let msg = {
|
||||
name: wan,
|
||||
vlan: [ `${notify.data.vlan_id}:t` ]
|
||||
};
|
||||
ubus.call('network.interface.up_none', 'add_device', msg);
|
||||
ubus.call('udevstats', 'add_device', { device: wan, vlan: +notify.data.vlan_id });
|
||||
}
|
||||
}
|
||||
|
||||
let msg = {
|
||||
@@ -304,16 +308,16 @@ handlers = {
|
||||
},
|
||||
|
||||
vlan_remove: function(notify) {
|
||||
if (config.config.swconfig)
|
||||
return;
|
||||
|
||||
let vlan_id = `${notify.data.vlan_id}`;
|
||||
vlan_refcount[vlan_id] = (vlan_refcount[vlan_id] || 1) - 1;
|
||||
|
||||
if (vlan_refcount[vlan_id] > 0) {
|
||||
if (vlan_refcount[vlan_id] > 0)
|
||||
return;
|
||||
}
|
||||
delete vlan_refcount[vlan_id];
|
||||
|
||||
if (config.config.swconfig)
|
||||
return;
|
||||
for (let wan in wan_ports) {
|
||||
let msg = {
|
||||
name: wan,
|
||||
|
||||
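Review bot: The wifi exemption in vlan_add rests on the interface name alone, with no comment explaining it: `split(notify.data.ifname, '-v')` must yield exactly two parts and the first must match `wlan*`, and only then does the call fall through the `vlan_refcount[vlan_id] > 1` early return. The +/- markers are lost in this rendering, so I am reading those lines as the new side. A comment above `is_wifi_iface` would make the refcount logic reviewable, for example `// wlan*-v<N> interfaces skip the refcount early return; WAN VLAN devices are still created only on the first reference`. A name containing more than one `-v` gives `length(parts) != 2` and is treated as non-wifi, which is worth stating if it is intended. The body of vlan_add continues past the end of the first hunk.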
@@ -4,10 +4,10 @@ PKG_NAME:=ucentral-schema
|
||||
PKG_RELEASE:=1
|
||||
|
||||
PKG_SOURCE_URL=https://github.com/Telecominfraproject/wlan-ucentral-schema.git
|
||||
PKG_MIRROR_HASH:=f72d2e5b01ecb7a488d50d860da63664d992e50c7e046fed866be6733bab3c1c
|
||||
PKG_MIRROR_HASH:=c0f43db0530a38eb424e81908ad47a14e1d4d8f8a86eb148e34f98187c79ba6b
|
||||
PKG_SOURCE_PROTO:=git
|
||||
PKG_SOURCE_DATE:=2025-09-29
|
||||
PKG_SOURCE_VERSION:=676e1550c53b7d48a54aa759f65d341168627c5e
|
||||
PKG_SOURCE_DATE:=2025-10-16
|
||||
PKG_SOURCE_VERSION:=dc9cad95641266a08de73aab85d931d992090159
|
||||
PKG_MAINTAINER:=John Crispin <john@phrozen.org>
|
||||
PKG_LICENSE:=BSD-3-Clause
|
||||
|
||||
|
||||
@@ -1,17 +1,12 @@
|
||||
{
|
||||
"uuid": 2,
|
||||
"radios": [
|
||||
{
|
||||
"band": "6G",
|
||||
"country": "CA",
|
||||
"channel-mode": "HE",
|
||||
"channel-width": 80
|
||||
},
|
||||
{
|
||||
"band": "5G",
|
||||
"country": "CA",
|
||||
"channel-mode": "HE",
|
||||
"channel-width": 80
|
||||
"channel-width": 80,
|
||||
"channel": 36
|
||||
},
|
||||
{
|
||||
"band": "2G",
|
||||
@@ -57,10 +52,7 @@
|
||||
"key": "bbbbbbbb"
|
||||
}
|
||||
],
|
||||
"roaming": {
|
||||
"message-exchange": "ds",
|
||||
"generate-psk": true
|
||||
}
|
||||
"roaming": true
|
||||
}
|
||||
]
|
||||
},
|
||||
|
||||
@@ -17,4 +17,4 @@ packages:
|
||||
- sysstat
|
||||
- kmod-cig-poe-judgment
|
||||
diffconfig: |
|
||||
CONFIG_KERNEL_IPQ_MEM_PROFILE=0
|
||||
CONFIG_KERNEL_IPQ_MEM_PROFILE=0
|
||||
|
||||
@@ -16,4 +16,4 @@ packages:
|
||||
- sysstat
|
||||
- kmod-cig-poe-judgment
|
||||
diffconfig: |
|
||||
CONFIG_KERNEL_IPQ_MEM_PROFILE=0
|
||||
CONFIG_KERNEL_IPQ_MEM_PROFILE=0
|
||||
|
||||
@@ -68,6 +68,7 @@ packages:
|
||||
- wireless-regdb
|
||||
- wpad-openssl
|
||||
- cloud_discovery
|
||||
- kmod-natlog
|
||||
diffconfig: |
|
||||
CONFIG_OPENSSL_ENGINE=y
|
||||
CONFIG_OPENSSL_PREFER_CHACHA_OVER_GCM=y
|
||||
|
||||