Packaging optional netfilter modules
Luciano Miguel Ferreira Rocha
strange at nsk.no-ip.org
Sun Sep 12 21:45:11 UTC 2004
On Sun, Sep 12, 2004 at 01:33:41PM -0700, Kenneth Porter wrote:
> I wanted to try the experimental TARPIT module from netfilter, and because
> it's experimental, neither the upstream kernel team nor Red Hat will
> incorporate this into the stock kernel. This is of course perfectly
> reasonable.
>
> But since netfilter modules are kernel modules, it seems like it should be
> straightforward to package them as free-standing packages. Has anyone tried
> to do this? What success have you had?
>
> Another factor is that the kernel module will need matching machinery in
> the iptables userspace program to select the module and parse its options.
> (e.g. for TARPIT, it would parse the "-j TARPIT" command.) I believe
> currently this requires a recompile of the utility. Has any work been done
> to make this more modular, with runtime selection of additional parsing
> routines? That would allow the userspace parsing piece to be supplied in
> the kernel module package to be dropped in a suitable directory for use at
> runtime.
It's also modular, using shared libraries (/lib/iptables/*.so).
--
Consciousness: that annoying time between naps.