OpenWrt Forum Archive

Topic: HOWTO: Patching the kernel for new iptables extensions like connlimit

The content of this topic has been archived on 2 May 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Hello all,

I've been dealing with this for a few days, asking here and there and reading many howtos... Finally I got a solution that worked at least for my specific case, but which could probably work for others. I've tested it with whiterussian rc1 and rc2, so kernel-2.4.30 iptables-1.3.1. And on a wrt54g v2.2. But AFAIK, it should also work in any other version of hardware and software.

1) you need the buildroot.
2) download patch-o-matic-ng (p-o-m) from netfilter.org
3) uncompress p-o-m somewhere handy
4) you can use the p-o-m tools to patch the kernel if you know how to... I didn't like this way very much so I did it by hand:
   In the uncompressed p-o-m folder, you find another folder called patchlets. All the extensions are there, one per folder. Inside these folders, you will probably find all the required files to patch the kernel. I only looked inside connlimit as I only needed it. Most of them will probably be the same as this. Inside this connlimit directory, you have different patches depending on kernel version. Use the 'linux' folder, as it is for 2.4 kernels.
5) inside p-o-m_path/patchlets/connlimit/linux/ there are 3 folders. They have their equivalents in the kernel tree, so their contents should be in the same place in the kernel tree. Some of the files contained in these folders have a .ladd extension. These ones should be ADDED to their equivalent already existing files in the kernel tree. Let's see it step by step.

Previous note: path-to-kernel-tree is openwrt/build_mipsel/linux for both whiterussian rc1 and rc2.

--file: Documentation/Configure.help.ladd
       This file contains the additional info that you are shown when you select help on a subject inside 'make menuconfig'; just add the contents at the end of the file (if you want to be cleaner, add them somewhere logical, close to the conntrack help info or so).
       Use this command: cat Documentation/Configure.help.ladd >> path-to-kernel-tree/Documentation/Configure.help

--file: include/linux/netfilter_ipv4/ipt_connlimit.h
       C headers. Just place them in their equivalent place.
       Use this command: cp include/linux/netfilter_ipv4/ipt_connlimit.h path-to-kernel-tree/include/linux/netfilter_ipv4/

--file: net/ipv4/netfilter/Config.in.ladd
       Not sure of its contents. I think it enables the not installed/module/built-in options for the extension.
       Again, add it at the end of the equivalent kernel tree file.
       Use this command: cat net/ipv4/netfilter/Config.in.ladd >> path-to-kernel-tree/net/ipv4/netfilter/Config.in

--file: net/ipv4/netfilter/ipt_connlimit.c
       Source code for the extension. Just copy it to the correct place.
       Use this command: cp net/ipv4/netfilter/ipt_connlimit.c path-to-kernel-tree/net/ipv4/netfilter/

--file: net/ipv4/netfilter/Makefile.ladd
       Makefile configuration to enable the compilation of the extension. Not sure if it can be just added at the end of the equivalent makefile. What I did is edit the original kernel-tree Makefile in this specific folder (path-to-kernel-tree/net/ipv4/netfilter/) and add the contents of the file just after the conntrack configuration, before "NAT helpers".

6) change to kernel tree directory (cd path-to-kernel-tree/), make menuconfig. Select the desired option and save changes.
7) Compile it.

It works!!!!

Iurgi Arginzoniz

Probably someone could do an easy patch out of this... or tell me how to do it. I'll try to do it myself anyway...

Iurgi

(Last edited by yissnn on 28 Jul 2005, 11:49)
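
The manual steps 4 and 5 from the post above, written as a re-runnable shell function. This is an added example, not code from the original post or from patch-o-matic-ng: the name apply_patchlet, the .orig backups and the check that avoids appending a fragment twice are assumptions made here, and Makefile.ladd is only reported because the post merges it by hand.

```shell
#!/bin/sh
# Added example: the post's manual steps 4-5 as one re-runnable function.
# apply_patchlet is a hypothetical name; the .orig backups and the
# "already present" check are additions, not part of the post.
# Usage: apply_patchlet p-o-m_path/patchlets/connlimit/linux path-to-kernel-tree
apply_patchlet() {
    src=$1 dst=$2 manual=0
    [ -d "$src" ] && [ -d "$dst" ] || {
        echo "usage: apply_patchlet PATCHLET_DIR KERNEL_TREE" >&2; return 2; }
    list=$(mktemp) || return 1
    (cd "$src" && find . -type f | sort) > "$list"
    while IFS= read -r rel; do
        rel=${rel#./}
        case $rel in
        Makefile.ladd|*/Makefile.ladd)
            # The post merges this fragment by hand, before "NAT helpers".
            echo "MANUAL  $rel -> edit $dst/${rel%.ladd}"
            manual=$((manual + 1)) ;;
        *.ladd)
            target=$dst/${rel%.ladd}
            [ -f "$target" ] || { echo "MISSING $target" >&2; rm -f "$list"; return 1; }
            # Append only if some fragment line is not yet in the target,
            # so running the script twice does not duplicate entries.
            if grep -qvxFf "$target" "$src/$rel"; then
                [ -e "$target.orig" ] || cp -p "$target" "$target.orig"
                cat "$src/$rel" >> "$target"
                echo "APPEND  $rel"
            else
                echo "SKIP    $rel (already present)"
            fi ;;
        *)
            # Plain files (.h, .c) go to the same relative path in the kernel tree.
            mkdir -p "$dst/$(dirname "$rel")"
            cp "$src/$rel" "$dst/$rel"
            echo "COPY    $rel" ;;
        esac
    done < "$list"
    rm -f "$list"
    echo "$manual file(s) left for manual merge"
}

if [ $# -eq 2 ]; then apply_patchlet "$1" "$2"; fi
```

Comparing each modified file against its .orig copy with diff -u before running make menuconfig shows exactly what was appended to the kernel tree.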
