Gentoo Forums
iptables-1.4.16 + imq
dafqq
n00b


Joined: 17 Apr 2013
Posts: 25

Posted: Fri Apr 19, 2013 6:41 pm    Post subject: iptables-1.4.16 + imq

Hello,

Could someone tell me how to patch imq+iptables? Last time I used imq+iptables it was on kernel 2.6 and I just emerged iptables with the "extension" flag. Should I download iptables from netfilter, patch it manually and make a symlink to iptables?

Kernel-3.7.10 iptables-1.4.16

Regards
Maitreya
Guru


Joined: 11 Jan 2006
Posts: 441

Posted: Sun Apr 21, 2013 6:07 pm

I don't need it myself but I guess it's a good exercise:

You can make a local overlay for these 2 packages

Quote:

mkdir -p /usr/local/portage/sys-kernel
mkdir -p /usr/local/portage/net-firewall
cp -r /usr/portage/sys-kernel/gentoo-sources /usr/local/portage/sys-kernel
cp -r /usr/portage/net-firewall/iptables /usr/local/portage/net-firewall


Add an epatch to "/usr/local/portage/net-firewall/iptables/iptables-1.4.16.3.ebuild"

Change:
Quote:

src_prepare() {
	# use the saner headers from the kernel
	rm -f include/linux/{kernel,types}.h

	# Only run autotools if user patched something
	epatch_user && eautoreconf || elibtoolize
}


To

Quote:

src_prepare() {
	# use the saner headers from the kernel
	rm -f include/linux/{kernel,types}.h

	epatch "${FILESDIR}"/${P}-imq.patch

	# Only run autotools if user patched something
	epatch_user && eautoreconf || elibtoolize
}


Get the patch supplied from LinuxIMQ

Quote:

wget http://www.linuximq.net/patches/iptables-1.4.13-IMQ-test1.diff
cp iptables-1.4.13-IMQ-test1.diff /usr/local/portage/net-firewall/iptables/files/iptables-1.4.16.3-imq.patch


Now remove the version-prefixed paths from /usr/local/portage/net-firewall/iptables/files/iptables-1.4.16.3-imq.patch.

Quote:

diff -Naur iptables-1.4.12.2/extensions/libxt_IMQ.c iptables-1.4.12.2-imq/extensions/libxt_IMQ.c
--- iptables-1.4.12.2/extensions/libxt_IMQ.c 1970-01-01 02:00:00.000000000 +0200
+++ iptables-1.4.12.2-imq/extensions/libxt_IMQ.c 2011-09-30 13:53:21.000000000 +0300


Would be

Quote:

diff -Naur extensions/libxt_IMQ.c iptables-1.4.12.2-imq/extensions/libxt_IMQ.c
--- extensions/libxt_IMQ.c 1970-01-01 02:00:00.000000000 +0200
+++ iptables-1.4.12.2-imq/extensions/libxt_IMQ.c 2011-09-30 13:53:21.000000000 +0300


There are three of these sections in the patch file.

Now, to validate the added patch for portage, digest your ebuild

Quote:

ebuild /usr/local/portage/net-firewall/iptables/iptables-1.4.16.3.ebuild digest


And emerge it :)



Now for the kernel:

Add a "src_prepare" section to /usr/local/portage/sys-kernel/gentoo-sources/gentoo-sources-3.7.10.ebuild

Between
Quote:

SRC_URI="${KERNEL_URI} ${GENPATCHES_URI} ${ARCH_URI}"

pkg_postinst() {


You add :
Quote:

src_prepare() {
	epatch "${FILESDIR}"/9999_imq.patch
}


Download the patch for the kernel and add it to your local ebuild

Quote:

wget http://www.linuximq.net/patches/patch-imqmq-3.7.diff.xz
unxz patch-imqmq-3.7.diff.xz
mkdir -p /usr/local/portage/sys-kernel/gentoo-sources/files
cp patch-imqmq-3.7.diff /usr/local/portage/sys-kernel/gentoo-sources/files/9999_imq.patch


Now digest this ebuild, emerge it and configure

Quote:

ebuild /usr/local/portage/sys-kernel/gentoo-sources/gentoo-sources-3.7.10.ebuild digest
emerge gentoo-sources
cd /usr/src/linux-3.7.10-gentoo
make menuconfig


If everything went correctly you can search for "imq" and it will give its patched options.
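The header edit described in the post above, as an added example that is not the poster's code: it strips the leading version-prefixed directory from both the old and the new path (one step further than the post's sample, which leaves the `+++` path prefixed) and tracks hunk lengths so that a removed line that happens to begin with `--- ` is left alone. The name strip_patch_prefix and the second file in SAMPLE_PATCH are constructed for illustration.

```shell
#!/bin/sh
# Added example, not code from the thread.
# SAMPLE_PATCH is constructed: the first file header is the one quoted in the
# post, the bodies and the second file (notes.txt) are made up for the demo.
SAMPLE_PATCH='diff -Naur iptables-1.4.12.2/extensions/libxt_IMQ.c iptables-1.4.12.2-imq/extensions/libxt_IMQ.c
--- iptables-1.4.12.2/extensions/libxt_IMQ.c 1970-01-01 02:00:00.000000000 +0200
+++ iptables-1.4.12.2-imq/extensions/libxt_IMQ.c 2011-09-30 13:53:21.000000000 +0300
@@ -0,0 +1,2 @@
+/* constructed body */
+int x;
diff -Naur iptables-1.4.12.2/notes.txt iptables-1.4.12.2-imq/notes.txt
--- iptables-1.4.12.2/notes.txt
+++ iptables-1.4.12.2-imq/notes.txt
@@ -1,2 +1,1 @@
 keep
--- docs/imq.txt'

# strip_patch_prefix: read a unified diff on stdin and drop the first directory
# component from its file headers; hunk bodies are copied through unchanged.
strip_patch_prefix() {
    awk '
    function strip(p) { sub("^[^/]+/", "", p); return p }
    nold > 0 || nnew > 0 {            # inside a hunk: never rewrite
        c = substr($0, 1, 1)
        if (c == "-") nold--
        else if (c == "+") nnew--
        else if (c != "\\") { nold--; nnew-- }   # context line
        print; next
    }
    /^@@ / {                          # "@@ -a,b +c,d @@": b old lines, d new lines
        n = split($2, a, ","); nold = (n > 1 ? a[2] : 1) + 0
        n = split($3, b, ","); nnew = (n > 1 ? b[2] : 1) + 0
        print; next
    }
    /^diff / { $(NF-1) = strip($(NF-1)); $NF = strip($NF); print; next }
    { sub("^--- [^/ \t]+/", "--- "); sub("^\\+\\+\\+ [^/ \t]+/", "+++ "); print }
    '
}

printf '%s\n' "$SAMPLE_PATCH" | strip_patch_prefix
```

The last line of the sample is a removed line whose text starts with `-- `; a plain `sed 's/^--- [^/]*\///'` would have rewritten it as if it were a file header.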
dafqq
n00b


Joined: 17 Apr 2013
Posts: 25

Posted: Wed Apr 24, 2013 8:16 pm

Hi,
Thx for help:)

But when I emerge iptables and I wanna try it I get:

Code:
iptables -nvL
iptables v1.4.16.3: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.



My .config

Code:
CONFIG_NETFILTER=y
# CONFIG_NETFILTER_DEBUG is not set
CONFIG_NETFILTER_ADVANCED=y

#
# Core Netfilter Configuration
#
CONFIG_NETFILTER_NETLINK=y
CONFIG_NETFILTER_NETLINK_ACCT=y
CONFIG_NETFILTER_NETLINK_QUEUE=y
CONFIG_NETFILTER_NETLINK_LOG=y
CONFIG_NF_CONNTRACK=y
CONFIG_NF_CONNTRACK_MARK=y
CONFIG_NF_CONNTRACK_SECMARK=y
CONFIG_NF_CONNTRACK_ZONES=y
CONFIG_NF_CONNTRACK_PROCFS=y
CONFIG_NF_CONNTRACK_EVENTS=y
CONFIG_NF_CONNTRACK_TIMEOUT=y
CONFIG_NF_CONNTRACK_TIMESTAMP=y
CONFIG_NF_CT_PROTO_DCCP=m
CONFIG_NF_CT_PROTO_GRE=m
CONFIG_NF_CT_PROTO_SCTP=m
CONFIG_NF_CT_PROTO_UDPLITE=m
CONFIG_NF_CONNTRACK_AMANDA=m
CONFIG_NF_CONNTRACK_FTP=m
CONFIG_NF_CONNTRACK_H323=m
CONFIG_NF_CONNTRACK_IRC=m
CONFIG_NF_CONNTRACK_BROADCAST=m
CONFIG_NF_CONNTRACK_NETBIOS_NS=m
CONFIG_NF_CONNTRACK_SNMP=m
CONFIG_NF_CONNTRACK_PPTP=m
CONFIG_NF_CONNTRACK_SANE=m
CONFIG_NF_CONNTRACK_SIP=m
CONFIG_NF_CONNTRACK_TFTP=m
CONFIG_NF_CT_NETLINK=m
# CONFIG_NF_CT_NETLINK_TIMEOUT is not set
# CONFIG_NETFILTER_NETLINK_QUEUE_CT is not set
CONFIG_NF_NAT=m
CONFIG_NF_NAT_NEEDED=y
CONFIG_NF_NAT_PROTO_DCCP=m
CONFIG_NF_NAT_PROTO_UDPLITE=m
CONFIG_NF_NAT_PROTO_SCTP=m
CONFIG_NF_NAT_AMANDA=m
CONFIG_NF_NAT_FTP=m
CONFIG_NF_NAT_IRC=m
CONFIG_NF_NAT_SIP=m
CONFIG_NF_NAT_TFTP=m
CONFIG_NETFILTER_TPROXY=m
CONFIG_NETFILTER_XTABLES=y

#
# Xtables combined modules
#
CONFIG_NETFILTER_XT_MARK=m
CONFIG_NETFILTER_XT_CONNMARK=m

#
# Xtables targets
#
CONFIG_NETFILTER_XT_TARGET_AUDIT=m
CONFIG_NETFILTER_XT_TARGET_CHECKSUM=m
CONFIG_NETFILTER_XT_TARGET_CLASSIFY=m
CONFIG_NETFILTER_XT_TARGET_CONNMARK=m
CONFIG_NETFILTER_XT_TARGET_CONNSECMARK=m
CONFIG_NETFILTER_XT_TARGET_CT=m
CONFIG_NETFILTER_XT_TARGET_DSCP=m
CONFIG_NETFILTER_XT_TARGET_HL=m
CONFIG_NETFILTER_XT_TARGET_HMARK=m
CONFIG_NETFILTER_XT_TARGET_IDLETIMER=m
CONFIG_NETFILTER_XT_TARGET_LOG=m
CONFIG_NETFILTER_XT_TARGET_IMQ=m
CONFIG_NETFILTER_XT_TARGET_MARK=m
CONFIG_NETFILTER_XT_TARGET_NETMAP=m
CONFIG_NETFILTER_XT_TARGET_NFLOG=m
CONFIG_NETFILTER_XT_TARGET_NFQUEUE=m
CONFIG_NETFILTER_XT_TARGET_NOTRACK=m
CONFIG_NETFILTER_XT_TARGET_RATEEST=m
CONFIG_NETFILTER_XT_TARGET_REDIRECT=m
CONFIG_NETFILTER_XT_TARGET_TEE=m
CONFIG_NETFILTER_XT_TARGET_TPROXY=m
CONFIG_NETFILTER_XT_TARGET_TRACE=m
CONFIG_NETFILTER_XT_TARGET_SECMARK=m
CONFIG_NETFILTER_XT_TARGET_TCPMSS=m
CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP=m

#
# Xtables matches
#
CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=m
CONFIG_NETFILTER_XT_MATCH_CLUSTER=m
CONFIG_NETFILTER_XT_MATCH_COMMENT=m
CONFIG_NETFILTER_XT_MATCH_CONNBYTES=m
CONFIG_NETFILTER_XT_MATCH_CONNLIMIT=m
CONFIG_NETFILTER_XT_MATCH_CONNMARK=m
CONFIG_NETFILTER_XT_MATCH_CONNTRACK=m
CONFIG_NETFILTER_XT_MATCH_CPU=m
CONFIG_NETFILTER_XT_MATCH_DCCP=m
CONFIG_NETFILTER_XT_MATCH_DEVGROUP=m
CONFIG_NETFILTER_XT_MATCH_DSCP=m
CONFIG_NETFILTER_XT_MATCH_ECN=m
CONFIG_NETFILTER_XT_MATCH_ESP=m
CONFIG_NETFILTER_XT_MATCH_HASHLIMIT=m
CONFIG_NETFILTER_XT_MATCH_HELPER=m
CONFIG_NETFILTER_XT_MATCH_HL=m
CONFIG_NETFILTER_XT_MATCH_IPRANGE=m
CONFIG_NETFILTER_XT_MATCH_LENGTH=m
CONFIG_NETFILTER_XT_MATCH_LIMIT=m
CONFIG_NETFILTER_XT_MATCH_MAC=m
CONFIG_NETFILTER_XT_MATCH_MARK=m
CONFIG_NETFILTER_XT_MATCH_MULTIPORT=m
CONFIG_NETFILTER_XT_MATCH_NFACCT=m
CONFIG_NETFILTER_XT_MATCH_OSF=m
CONFIG_NETFILTER_XT_MATCH_OWNER=m
CONFIG_NETFILTER_XT_MATCH_POLICY=m
CONFIG_NETFILTER_XT_MATCH_PKTTYPE=m
CONFIG_NETFILTER_XT_MATCH_QUOTA=m
CONFIG_NETFILTER_XT_MATCH_RATEEST=m
CONFIG_NETFILTER_XT_MATCH_REALM=m
CONFIG_NETFILTER_XT_MATCH_RECENT=m
CONFIG_NETFILTER_XT_MATCH_SCTP=m
CONFIG_NETFILTER_XT_MATCH_SOCKET=m
CONFIG_NETFILTER_XT_MATCH_STATE=m
CONFIG_NETFILTER_XT_MATCH_STATISTIC=m
CONFIG_NETFILTER_XT_MATCH_STRING=m
CONFIG_NETFILTER_XT_MATCH_TCPMSS=m
CONFIG_NETFILTER_XT_MATCH_TIME=m
CONFIG_NETFILTER_XT_MATCH_U32=m
# CONFIG_IP_SET is not set
# CONFIG_IP_VS is not set

#
# IP: Netfilter Configuration
#
CONFIG_NF_DEFRAG_IPV4=y
CONFIG_NF_CONNTRACK_IPV4=y
CONFIG_NF_CONNTRACK_PROC_COMPAT=y
# CONFIG_IP_NF_QUEUE is not set
CONFIG_IP_NF_IPTABLES=y
CONFIG_IP_NF_MATCH_AH=m
CONFIG_IP_NF_MATCH_ECN=m
CONFIG_IP_NF_MATCH_RPFILTER=m
CONFIG_IP_NF_MATCH_TTL=m
CONFIG_IP_NF_FILTER=m
CONFIG_IP_NF_TARGET_REJECT=m
CONFIG_IP_NF_TARGET_ULOG=m
CONFIG_NF_NAT_IPV4=m
CONFIG_IP_NF_TARGET_MASQUERADE=m
CONFIG_IP_NF_TARGET_NETMAP=m
CONFIG_IP_NF_TARGET_REDIRECT=m
CONFIG_NF_NAT_SNMP_BASIC=m
CONFIG_NF_NAT_PROTO_GRE=m
CONFIG_NF_NAT_PPTP=m
CONFIG_NF_NAT_H323=m
CONFIG_IP_NF_MANGLE=m
CONFIG_IP_NF_TARGET_CLUSTERIP=m
CONFIG_IP_NF_TARGET_ECN=m
CONFIG_IP_NF_TARGET_TTL=m
CONFIG_IP_NF_RAW=m
CONFIG_IP_NF_SECURITY=m
CONFIG_IP_NF_ARPTABLES=m
CONFIG_IP_NF_ARPFILTER=m
CONFIG_IP_NF_ARP_MANGLE=m


I am almost sure that I have a complete kernel config and it's correct; here is my syslog file


Code:
iptable_filter: disagrees about version of symbol xt_hook_link
iptable_filter: Unknown symbol xt_hook_link (err -22)
iptable_filter: disagrees about version of symbol ipt_alloc_initial_table
iptable_filter: Unknown symbol ipt_alloc_initial_table (err -22)
iptable_filter: disagrees about version of symbol ipt_do_table
iptable_filter: Unknown symbol ipt_do_table (err -22)
iptable_filter: disagrees about version of symbol register_pernet_subsys
iptable_filter: Unknown symbol register_pernet_subsys (err -22)
iptable_filter: disagrees about version of symbol ipt_unregister_table
iptable_filter: Unknown symbol ipt_unregister_table (err -22)
iptable_filter: disagrees about version of symbol xt_hook_unlink
iptable_filter: Unknown symbol xt_hook_unlink (err -22)
iptable_filter: disagrees about version of symbol unregister_pernet_subsys
iptable_filter: Unknown symbol unregister_pernet_subsys (err -22)
iptable_filter: disagrees about version of symbol ipt_register_table
iptable_filter: Unknown symbol ipt_register_table (err -22)
iptable_filter: disagrees about version of symbol xt_hook_link
iptable_filter: Unknown symbol xt_hook_link (err -22)


I try to use modprobe

Code:
modprobe iptable_filter
modprobe: ERROR: could not insert 'iptable_filter': Invalid argument
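What the syslog lines in the post above encode, as an added example that is not part of the original thread: the kernel logs "disagrees about version of symbol" when the CRC a module recorded for an exported symbol differs from the one the running kernel exports (CONFIG_MODVERSIONS), meaning the module and the running kernel image come from different builds. The script groups such lines by module; SAMPLE_LOG is a constructed excerpt of the posted log, and crc_pairs, crc_summary and example_mod are names chosen here.

```shell
#!/bin/sh
# Added example, not code from the thread.
# SAMPLE_LOG: constructed excerpt of the syslog lines quoted in the post, plus
# one line with a syslog prefix and a hypothetical module name (example_mod).
SAMPLE_LOG='iptable_filter: disagrees about version of symbol xt_hook_link
iptable_filter: Unknown symbol xt_hook_link (err -22)
iptable_filter: disagrees about version of symbol ipt_do_table
iptable_filter: Unknown symbol ipt_do_table (err -22)
iptable_filter: disagrees about version of symbol register_pernet_subsys
iptable_filter: Unknown symbol register_pernet_subsys (err -22)
iptable_filter: disagrees about version of symbol xt_hook_link
iptable_filter: Unknown symbol xt_hook_link (err -22)
Apr 24 20:10:01 host kernel: [   12.3] example_mod: disagrees about version of symbol ipt_do_table'

# crc_pairs: print each distinct "module symbol" pair rejected on a symbol CRC.
crc_pairs() {
    awk '/disagrees about version of symbol/ {
        for (i = 2; i <= NF; i++) if ($i == "disagrees") break
        mod = $(i - 1); sub(/:$/, "", mod)   # field before "disagrees" is "module:"
        key = mod " " $NF                    # last field is the symbol name
        if (!(key in seen)) { seen[key] = 1; print key }
    }' | LC_ALL=C sort
}

# crc_summary: print "module count", the number of distinct symbols per module.
crc_summary() {
    crc_pairs | awk '{ n[$1]++ } END { for (m in n) print m, n[m] }' | LC_ALL=C sort
}

printf '%s\n' "$SAMPLE_LOG" | crc_summary
```

When a module shows up in this summary, the usual remedy is to build and install the kernel image and its modules from the same patched tree and boot that image before loading the module again.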