-
Notifications
You must be signed in to change notification settings - Fork 51
PatchingKernel
What you will need:
-
a recent kernel source (we recommend to use the last stable version)
-
the latest IMQ patch for the given kernel version
-
stuff needed for compiling the kernel(you will probably need gcc, make, and binutils)
-
you have to be able to configure, compile and install a kernel by yourself before attempting to install IMQ
Untar the kernel source:
tar xjf linux-XXX.tar.bz2
Change directory into the kernel source tree's root:
cd linux-XXX
Patch the kernel:
patch -p1 < linux-XXX-imq.diff
XXX is the version of the kernel.
If the patch applied cleanly, then go on to configuring and compiling the kernel. (If you see lines similar to Hunk #1 FAILED at 3040., then something went wrong. Check that the patch is suitable for the given kernel version, and that your kernel source is not altered or broken.
Configure the kernel as you used to (eg. menuconfig, xconfig, oldconfig, config, ...).
You must set at least these variables to have IMQ work:
CONFIG_IMQ (Network device support/IMQ (intermediate queueing device) support)
CONFIG_IP_NF_TARGET_IMQ (Networking options/IP: Netfilter Configuration/IMQ target support) and its dependencies:
CONFIG_NETFILTER (Networking options/Network packet filtering (replaces ipchains))
CONFIG_IP_NF_IPTABLES (Networking options/IP: Netfilter Configuration/IP tables support (required for filtering/masq/NAT))
CONFIG_IP_NF_MANGLE (Networking options/IP: Netfilter Configuration/Packet mangling)
optionally CONFIG_IP6_NF_TARGET_IMQ (Networking options/IPv6: Netfilter Configuration/IMQ target support)
CONFIG_IPV6 (Networking options/The IPv6 protocol)
CONFIG_IP6_NF_IPTABLES (Networking options/IPv6: Netfilter Configuration/IP6 tables support (required for filtering/masq/NAT))
CONFIG_IP6_NF_MANGLE (Networking options/IPv6: Netfilter Configuration/Packet mangling)
CONFIG_NET_SCHED (Networking options/QoS and/or fair queueing/QoS and/or fair queueing)
CONFIG_IP_NF_TARGET_MARK (Networking options/IP: Netfilter Configuration/MARK target support)
CONFIG_IP6_NF_TARGET_MARK (Networking options/IPv6: Netfilter Configuration/MARK target support) and some netfilter match targets
You can put any or all of these parts in modules if you like (and is possible because of dependencies). You can compile and install the kernel as you usually do.
What you will need:
-
a relatively recent iptables source
-
the latest IMQ patch for the given version of iptables
-
some familiarity with compiling and installing an application from source
Step-by-step instructions
Source and tools in hand, change directory:
cd /usr/src/iptables-XXX/
Patching iptables:
patch -p1 < iptables-XXX-imq.diff
And chmod the scripts it creates:
chmod +x extensions/.IMQ-test*
Now you have patched source.
Make sure you removed old iptables installation (esp. remove your distro's package, if installed); otherwise you may end up with a screwed install (iptables binary finds modules in the wrong place), and it won't work.