[Voyage-linux] IMQ support for iptables

Kim-man "Punky" TSE (spam-protected)
Thu Oct 19 00:25:02 HKT 2006 

Hi Cool,

I have been evaluating the possibility of patching the iptables in 
voyage.  The way to make a custom iptables included in voyage is far 
difficult than you could imagine.  It is because iptables in voyage is 
from debian package.  If you completely replace the whole iptables 
stuff, next time you run apt-get upgrade when there is a update of 
iptables package available, the new iptables may smash things up. 

I have also investigated to patch the source package, then rebuild 
iptables debian package.  But it is not successful because the current 
iptables COPY part of the patched kernel headers in the iptables source 
package BUT NOT pointing the IMQ patched kernel source.  (I hope you 
know what I mean, otherwise, please ask)

To patch iptables is not a tough task, but with a debian environment it 
is more difficult.  When you are a distro maintainer, you will need to 
consider:
1. apt-get upgrade won't break anything and the existing iptables 
function stay as is.
2. the obligation to keep the both patched iptables and new version of 
IMQ modules up-to-date.
3. the patched IMQ iptables modules can incorporate to the current daily 
build process.

Moreover, I feel a bit uncomfortable with IMQ is that it modifies skbuff 
(socket buffer) data structure in kernel.  And this is major hurdle for 
me to patch the iptables debian package.

Let's discuss.

Regards,
Punky


Cool/Explosion wrote:
> Hi,
> there is small HOWTO patch iptables 1.3.x (i test it on 1.3.5 
> snapshoots and 1.3.6)
> # cd /usr/src/
> #wget http://linux.coolexs.net/pool/imq/iptables-1.3.0-imq1.diff
>
> # cd /usr/src/iptables
> # patch -p1 < ../iptables-1.3.0-imq1.diff
> patching file extensions/.IMQ-test6
> patching file extensions/libip6t_IMQ.c
> patching file extensions/.IMQ-test
> patching file extensions/libipt_IMQ.c
>
> # chmod a+x ./extensions/.IMQ-test
> # chmod a+x ./extensions/.IMQ-test6
> # make
> Making dependencies: please wait...
> ...
> ar rv libipq/libipq.a libipq/libipq.o
> ar: creating libipq/libipq.a
> a - libipq/libipq.o
> rm libiptc/libip6tc.o libiptc/libip4tc.o libipq/libipq.o
>
> # make install
>
> It's all...
>
> To Punky: Please patch iptables in curret version...
>
>
> Bye CooEx...
>


-- 
 

P U N K N ! X  . c o m
Technology + Lifestyle
(http://www.punknix.com)

V O Y A G E . H K - http://www.voyage.hk
Linux - voyage-0.2 is released!
Store - New low price for Senao NMP-8602 Plus (400mW)!

More information about the Voyage-linux mailing list