[PATCH 19.07] nf-conntrack: allow querying conntrack info in nfqueue
Etan Kissling
etan_kissling at apple.com
Thu Jan 14 08:29:31 EST 2021
This allows libnetfilter_queue to access connection tracking information
by requesting NFQA_CFG_F_CONNTRACK. Connection tracking information is
provided in the NFQA_CT attribute.
CONFIG_NETFILTER_NETLINK_GLUE_CT enables the interaction between
nf_queue and nf_conntrack_netlink. Without this option, trying to access
connection tracking information results in "Operation not supported".
Backport from master.
Signed-off-by: Etan Kissling <etan_kissling at apple.com>
---
package/kernel/linux/modules/netfilter.mk | 2 +-
target/linux/generic/config-4.14 | 1 +
2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/package/kernel/linux/modules/netfilter.mk b/package/kernel/linux/modules/netfilter.mk
index 53188eab5a..c1db9aa203 100644
--- a/package/kernel/linux/modules/netfilter.mk
+++ b/package/kernel/linux/modules/netfilter.mk
@@ -1013,7 +1013,7 @@ $(eval $(call KernelPackage,nfnetlink-queue))
define KernelPackage/nf-conntrack-netlink
TITLE:=Connection tracking netlink interface
FILES:=$(LINUX_DIR)/net/netfilter/nf_conntrack_netlink.ko
- KCONFIG:=CONFIG_NF_CT_NETLINK CONFIG_NF_CONNTRACK_EVENTS=y
+ KCONFIG:=CONFIG_NF_CT_NETLINK CONFIG_NF_CONNTRACK_EVENTS=y CONFIG_NETFILTER_NETLINK_GLUE_CT=y
AUTOLOAD:=$(call AutoProbe,nf_conntrack_netlink)
$(call AddDepends/nfnetlink,+kmod-ipt-conntrack)
endef
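Review bot: The new `CONFIG_NETFILTER_NETLINK_GLUE_CT=y` on the `KCONFIG` line carries no comment, so a reader cannot tell why a queue/log feature is switched on from the nf-conntrack-netlink package. As far as I know from the upstream Kconfig, it is a built-in bool that only takes effect when nfnetlink-queue or nfnetlink-log is also enabled. It also enables the feature for every image that selects kmod-nf-conntrack-netlink, so on this stable branch queue and log listeners gain access to conntrack data they could not request before. Those netlink operations should still require CAP_NET_ADMIN, but the wider exposure deserves a mention. I would add above the `define`: `# NETFILTER_NETLINK_GLUE_CT lets nfnetlink_queue/nfnetlink_log attach conntrack info (NFQA_CT); only effective when one of them is enabled.`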
diff --git a/target/linux/generic/config-4.14 b/target/linux/generic/config-4.14
index d54ede9efd..25b3de9f18 100644
--- a/target/linux/generic/config-4.14
+++ b/target/linux/generic/config-4.14
@@ -3252,6 +3252,7 @@ CONFIG_NF_CONNTRACK_PROCFS=y
# CONFIG_NF_CONNTRACK_ZONES is not set
# CONFIG_NF_CT_NETLINK is not set
# CONFIG_NF_CT_NETLINK_TIMEOUT is not set
+# CONFIG_NF_CT_NETLINK_HELPER is not set
# CONFIG_NF_CT_PROTO_DCCP is not set
# CONFIG_NF_CT_PROTO_GRE is not set
# CONFIG_NF_CT_PROTO_SCTP is not set
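Review bot: The added `# CONFIG_NF_CT_NETLINK_HELPER is not set` is not explained anywhere in the commit description. Presumably it is needed because the helper symbol becomes visible once `CONFIG_NETFILTER_NETLINK_GLUE_CT` is enabled and would otherwise trigger a config prompt; one sentence in the description would make that traceable. It is also worth confirming that this generic config already has a `# CONFIG_NETFILTER_NETLINK_GLUE_CT is not set` default outside this hunk, so builds that do not select kmod-nf-conntrack-netlink keep the feature off.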
--
2.21.1 (Apple Git-122.3)