Wednesday, March 23, 2011

Porting iptables 1.4.10 to Android

(Update 25 April 2011: This port is now on Google Code as iptables4n1.)

Introduction 

The Android source comes with iptables 1.3.7. But that distribution is not compatible with Linux kernel 2.6.32 or newer versions. For example, even though iptables 1.3.7 can be built into the Android Emulator and Google Dev Phone 2 (a.k.a. HTC Magic), which are based on Linux kernel 2.6.29, it won't compile with kernel 2.6.32 used in Nexus One and many newer Android devices. The main difference between iptables 1.3.7 and 1.4.x is the emergence of "xtables" in the latter version. Fortunately, Google has done a commendable job in keeping Android in sync with Linux kernel releases. This makes porting a new version of iptables to Android largely an exercise in makefile changes. I will outline the steps here as a service to the open source community.

Steps

Below are steps for porting iptables 1.4.10 to Android/Linux kernel 2.6.32.
  1. Check out the Android source.
  2. Download iptables 1.4.10 source from the Netfilter project.
  3. Go to the checked out Android source and change to $SRC/external/iptables. Delete the content underneath that directory (or make a backup if you want) and then copy the downloaded iptables 1.4.10 content to that directory.
  4. Create a new Android.mk file under $SRC/external/iptables. This is the Android makefile. You can model yours after the one from the original Android source, but you need to accommodate naming changes to iptables extensions that went from libipt_XXX in 1.3.7 to libxt_XXX in 1.4.10.
  5. Change to $SRC/external/iptables/extensions and create a new create_initext4 file there. 
  6. Change back to $SRC/external/iptables and run make. Fix header inclusion issues as needed.

Sample Android.mk

ifneq ($(TARGET_SIMULATOR),true)
  BUILD_IPTABLES := 1
endif
ifeq ($(BUILD_IPTABLES),1)
LOCAL_PATH:= $(call my-dir)
#
# Build libraries
#
# libxtables
include $(CLEAR_VARS)
LOCAL_C_INCLUDES:= \
    $(LOCAL_PATH)/include/ \
    $(KERNEL_HEADERS)
LOCAL_CFLAGS:=-DNO_SHARED_LIBS
LOCAL_CFLAGS+=-DXTABLES_INTERNAL
LOCAL_CFLAGS+=-DIPTABLES_VERSION=\"1.4.10\"
LOCAL_CFLAGS+=-DXTABLES_VERSION=\"1.4.10\" # -DIPT_LIB_DIR=\"$(IPT_LIBDIR)\"
LOCAL_CFLAGS+=-DXTABLES_LIBDIR
LOCAL_SRC_FILES:= \
    xtables.c
LOCAL_MODULE_TAGS:=
LOCAL_MODULE:=libxtables
include $(BUILD_STATIC_LIBRARY)
# libip4tc
include $(CLEAR_VARS)
LOCAL_C_INCLUDES:= \
    $(KERNEL_HEADERS) \
    $(LOCAL_PATH)/include/
LOCAL_CFLAGS:=-DNO_SHARED_LIBS
LOCAL_CFLAGS+=-DXTABLES_INTERNAL
LOCAL_SRC_FILES:= \
    libiptc/libip4tc.c
LOCAL_MODULE_TAGS:=
LOCAL_MODULE:=libip4tc
include $(BUILD_STATIC_LIBRARY)
# libext4
include $(CLEAR_VARS)
LOCAL_MODULE_TAGS:=
LOCAL_MODULE:=libext4
# LOCAL_MODULE_CLASS must be defined before calling $(local-intermediates-dir)
#
LOCAL_MODULE_CLASS := STATIC_LIBRARIES
intermediates := $(call local-intermediates-dir)
LOCAL_C_INCLUDES:= \
    $(LOCAL_PATH)/include/ \
    $(KERNEL_HEADERS) \
    $(intermediates)/extensions/
LOCAL_CFLAGS:=-DNO_SHARED_LIBS
LOCAL_CFLAGS+=-DXTABLES_INTERNAL
LOCAL_CFLAGS+=-D_INIT=$*_init
LOCAL_CFLAGS+=-DIPTABLES_VERSION=\"1.4.10\"
LOCAL_CFLAGS+=-DXTABLES_VERSION=\"1.4.10\"
PF_EXT_SLIB:=ah addrtype ecn 
PF_EXT_SLIB+=icmp #2mark
PF_EXT_SLIB+=realm
PF_EXT_SLIB+=ttl unclean DNAT LOG #DSCP ECN
PF_EXT_SLIB+=MASQUERADE MIRROR NETMAP REDIRECT REJECT #MARK
PF_EXT_SLIB+=SAME SNAT ULOG # TOS TCPMSS TTL
PF_EXT_SLIB+=TAG
EXT_FUNC+=$(foreach T,$(PF_EXT_SLIB),ipt_$(T))
# xtable stuff
NEW_PF_EXT_SLIB:=comment conntrack connmark dscp tcpmss esp
NEW_PF_EXT_SLIB+=hashlimit helper iprange length limit mac multiport
NEW_PF_EXT_SLIB+=owner physdev pkttype policy sctp standard state tcp
NEW_PF_EXT_SLIB+=tos udp CLASSIFY CONNMARK
NEW_PF_EXT_SLIB+=NFQUEUE NOTRACK
EXT_FUNC+=$(foreach N,$(NEW_PF_EXT_SLIB),xt_$(N))
# generated headers
GEN_INITEXT:= $(intermediates)/extensions/gen_initext4.c
$(GEN_INITEXT): PRIVATE_PATH := $(LOCAL_PATH)
$(GEN_INITEXT): PRIVATE_CUSTOM_TOOL = $(PRIVATE_PATH)/extensions/create_initext4 "$(EXT_FUNC)" > $@
$(GEN_INITEXT): PRIVATE_MODULE := $(LOCAL_MODULE)
# The recipe line below must start with a tab character, not spaces.
$(GEN_INITEXT):
	$(transform-generated-source)
$(intermediates)/extensions/initext4.o : $(GEN_INITEXT)
LOCAL_GENERATED_SOURCES:= $(GEN_INITEXT)
LOCAL_SRC_FILES:= \
    $(foreach T,$(PF_EXT_SLIB),extensions/libipt_$(T).c) \
    $(foreach N,$(NEW_PF_EXT_SLIB),extensions/libxt_$(N).c) \
    extensions/initext4.c
LOCAL_STATIC_LIBRARIES := \
    libc
include $(BUILD_STATIC_LIBRARY)
#
# Build iptables
#
include $(CLEAR_VARS)
LOCAL_C_INCLUDES:= \
    $(LOCAL_PATH)/include/ \
    $(KERNEL_HEADERS)
LOCAL_CFLAGS:=-DNO_SHARED_LIBS
LOCAL_CFLAGS+=-DXTABLES_INTERNAL
LOCAL_CFLAGS+=-DIPTABLES_VERSION=\"1.4.10\"
LOCAL_CFLAGS+=-DXTABLES_VERSION=\"1.4.10\" # -DIPT_LIB_DIR=\"$(IPT_LIBDIR)\"
#LOCAL_CFLAGS+=-DIPT_LIB_DIR=\"$(IPT_LIBDIR)\"
LOCAL_SRC_FILES:= \
    iptables.c \
    iptables-standalone.c \
    xshared.c
LOCAL_MODULE_TAGS:=
LOCAL_MODULE:=iptables
LOCAL_STATIC_LIBRARIES := \
    libip4tc \
    libext4 \
    libxtables
include $(BUILD_EXECUTABLE)
endif


Sample create_initext4

#!/bin/sh
echo ""
for i in $1; do
    echo "extern void lib${i}_init(void);";
done;
echo "void init_extensions(void);"
echo "void init_extensions(void) {"
for i in $1; do
    echo "    lib${i}_init();";
done
echo "}"
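
A pre-build check for the extension lists in step 4, added here as an example (it is not part of the original post or of iptables4n1): it sorts extension names into PF_EXT_SLIB and NEW_PF_EXT_SLIB according to whether extensions/libipt_NAME.c or extensions/libxt_NAME.c exists, and fails when a name has no source file. The function names and the sample tree of empty files are constructed for illustration.

```shell
#!/bin/sh
# Added example: check Android.mk extension names against the source tree.
#
# classify_extensions DIR NAME...  prints one line per NAME:
#   xt NAME       DIR/libxt_NAME.c exists  -> goes in NEW_PF_EXT_SLIB
#   ipt NAME      DIR/libipt_NAME.c exists -> goes in PF_EXT_SLIB
#   missing NAME  neither file exists
# If both files exist, the libxt_ one is preferred.
classify_extensions() {
    dir=$1; shift
    for name in "$@"; do
        if [ -f "$dir/libxt_$name.c" ]; then
            echo "xt $name"
        elif [ -f "$dir/libipt_$name.c" ]; then
            echo "ipt $name"
        else
            echo "missing $name"
        fi
    done
}

# names_of KIND: read classify_extensions output on stdin and print the
# names of that kind, space-separated, in their original order.
names_of() {
    awk -v k="$1" '$1 == k { printf "%s%s", sep, $2; sep = " " }'
}

# emit_lists DIR NAME...: print the two makefile assignments; return 1 and
# name the offenders on stderr if any extension has no source file.
emit_lists() {
    out=$(classify_extensions "$@")
    missing=$(printf '%s\n' "$out" | names_of missing)
    echo "PF_EXT_SLIB:=$(printf '%s\n' "$out" | names_of ipt)"
    echo "NEW_PF_EXT_SLIB:=$(printf '%s\n' "$out" | names_of xt)"
    if [ -n "$missing" ]; then
        echo "no source for: $missing" >&2
        return 1
    fi
}

# Constructed sample tree: empty files standing in for real sources.
make_sample_tree() {
    d=$(mktemp -d)
    for f in libipt_ah.c libipt_REJECT.c libxt_tcp.c libxt_state.c libxt_TCPMSS.c; do
        : > "$d/$f"
    done
    echo "$d"
}

if [ "$#" -ge 2 ]; then
    # Real use: sh check_ext.sh $SRC/external/iptables/extensions ah icmp tcp ...
    emit_lists "$@"
else
    # No arguments: run on the constructed tree; "nosuch" is a made-up name.
    tree=$(make_sample_tree)
    emit_lists "$tree" ah REJECT tcp state TCPMSS nosuch ||
        echo "fix the lists in Android.mk before building"
    rm -rf "$tree"
fi
```

Because the extensions are linked statically (NO_SHARED_LIBS), a name left out of both lists still builds, but the resulting iptables binary cannot use that match or target, so it is worth running this check against the full list of rules you intend to load.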



That is all. Happy hacking!


113 comments:

  1. Please be a little more descriptive. The link for the Android source in the above post doesn't work, and also there is no idea where all these $SRC/ directories should be created and how to carry out the rest of the process. I am a beginner, and want to use your way.

    I want to enable full netfilter functionality in the newly compiled kernel and successfully deploy it on to the emulator.
    Please help.

  2. Please check this thread, I am stuck with this.

    http://stackoverflow.com/questions/5406549/error-while-loading-new-compiled-linux-kernel-image-into-the-android-emulator1-5

  3. I am getting this error when executing the make command after ./configure:


    In file included from ../include/xtables.h:15,
    from libxt_CHECKSUM.c:17:
    ../include/linux/types.h:4:23: warning: asm/types.h: No such file or directory
    ../include/linux/types.h:8:31: warning: linux/posix_types.h: No such file or directory
    In file included from ../include/xtables.h:15,
    from libxt_CHECKSUM.c:17:
    ../include/linux/types.h:27: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘__le16’
    ../include/linux/types.h:28: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘__be16’
    ../include/linux/types.h:29: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘__le32’
    ../include/linux/types.h:30: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘__be32’
    ../include/linux/types.h:31: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘__le64’
    ../include/linux/types.h:32: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘__be64’
    ../include/linux/types.h:34: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘__sum16’
    ../include/linux/types.h:35: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘__wsum’
    In file included from ../include/xtables.h:16,
    from libxt_CHECKSUM.c:17:
    ../include/linux/netfilter.h:52: error: expected specifier-qualifier-list before ‘__u32’
    In file included from ../include/xtables.h:17,
    from libxt_CHECKSUM.c:17:
    ../include/linux/netfilter/x_tables.h:13: error: expected specifier-qualifier-list before ‘__u16’
    ../include/linux/netfilter/x_tables.h:20: error: expected specifier-qualifier-list before ‘__u16’
    ../include/linux/netfilter/x_tables.h:27: error: expected specifier-qualifier-list before ‘__u16’
    ../include/linux/netfilter/x_tables.h:36: error: expected specifier-qualifier-list before ‘__u16’
    ../include/linux/netfilter/x_tables.h:43: error: expected specifier-qualifier-list before ‘__u16’
    ../include/linux/netfilter/x_tables.h:50: error: expected specifier-qualifier-list before ‘__u16’
    ../include/linux/netfilter/x_tables.h:73: error: expected specifier-qualifier-list before ‘__u8’
    ../include/linux/netfilter/x_tables.h:88: error: expected specifier-qualifier-list before ‘__u8’
    ../include/linux/netfilter/x_tables.h:105: error: expected specifier-qualifier-list before ‘__u64’
    In file included from libxt_CHECKSUM.c:18:
    ../include/linux/netfilter/xt_CHECKSUM.h:15: error: expected specifier-qualifier-list before ‘__u8’
    libxt_CHECKSUM.c: In function ‘CHECKSUM_parse’:
    libxt_CHECKSUM.c:42: error: ‘struct xt_CHECKSUM_info’ has no member named ‘operation’
    libxt_CHECKSUM.c: In function ‘CHECKSUM_print’:
    libxt_CHECKSUM.c:67: error: ‘const struct xt_CHECKSUM_info’ has no member named ‘operation’
    libxt_CHECKSUM.c: In function ‘CHECKSUM_save’:
    libxt_CHECKSUM.c:76: error: ‘const struct xt_CHECKSUM_info’ has no member named ‘operation’
    make[2]: *** [libxt_CHECKSUM.oo] Error 1
    make[1]: *** [all-recursive] Error 1
    make: *** [all] Error 2


    Thoughts?

  4. Follow-up: where are we supposed to put the Makefile in the platform distro? For example, I am trying to build an image for my Nook Color platform and the original source has a "net" folder that has a bunch of makefiles - which one(s) am I supposed to update: ip4, ip6, etc.?

  5. This port is now in Google Code. It is called iptables4n1. Check it out at http://code.google.com/p/iptables4n1/. Hope that will answer all questions posted here.

  6. Hi,

    I'm trying to port iptables on Android msm kernel 2.6.35. However, it comes installed with iptables 1.3.7, and when I replace it with the sources of iptables 1.4.11 and the make file as above, several warnings and errors are thrown. Do you have an updated make file (Android.mk) for it? Please help me.
