Re: How are external kernel modules loaded?
On 5/26/2012 6:48 PM, Andris Kalnozols wrote:
I'm running Debian squeeze on an amd64 system and want to use the
current version (4.5) of ipset instead of version 2.5 in the
stable release.
After doing the following steps:
install ipset source from http://ipset.netfilter.org/install.html
apt-get install linux-source-2.6.32
cd /usr/src
bzip2 -dc linux-source-2.6.32.tar.bz2 | tar xf -
cd /usr/src/linux-source-2.6.32
make defconfig
make modules
cd /usr/local/src/ipset/ipset-4.5
make KERNEL_DIR=/usr/src/linux-source-2.6.32
make KERNEL_DIR=/usr/src/linux-source-2.6.32 install
I am tantalizingly close but still no cigar:
ipset -v
ipset v4.5, protocol version 4.
FATAL: Module ip_set not found.
ipset v4.5: Couldn't verify kernel module version!
The ipset modules have been installed here:
cd /lib/modules/2.6.32/extra
ip_set.ko ip_set_ipportiphash.ko
ip_set_macipmap.ko ipt_SET.ko
ip_set_iphash.ko ip_set_ipportnethash.ko
ip_set_nethash.ko ipt_set.ko
ip_set_ipmap.ko ip_set_iptree.ko ip_set_portmap.ko
ip_set_ipporthash.ko ip_set_iptreemap.ko ip_set_setlist.ko
Please tell me what's the best way to configure the system
to always find and load these modules. My web searches for
a how-to in this regard have come up empty.
Thanks,
Andris
OK, following up on my own post, I ran across these two hints:
http://linux.die.net/lkmpg/x380.html
http://crunchbanglinux.org/forums/topic/12534/compiling-and-linking-a-simple-module/
I already had the linux-headers-2.6.32-5-amd64 package installed
and so concentrated my efforts on convincing the ipset Makefile
that `KERNEL_DIR=/usr/src/linux-headers-2.6.32-5-amd64' was my
kernel source directory. That seemed to work until the Makefile
wanted to see this file:
$(KERNEL_DIR)/net/ipv4/netfilter/Kconfig
It just so happens that the linux-source-2.6.32 package has it:
/usr/src/linux-source-2.6.32/net/ipv4/netfilter/Kconfig
Adding the following symlink did the trick:
cd /usr/src/linux-headers-2.6.32-5-amd64
ln -s ../linux-source-2.6.32/net net
So, the updated procedure for getting the current version of
ipset installed is:
install ipset source from http://ipset.netfilter.org/install.html
apt-get install linux-headers-2.6.32-5-amd64
apt-get install linux-source-2.6.32
cd /usr/src
bzip2 -dc linux-source-2.6.32.tar.bz2 | tar xf -
cd /usr/src/linux-headers-2.6.32-5-amd64
ln -s ../linux-source-2.6.32/net net
cd /usr/local/src/ipset/ipset-4.5
make KERNEL_DIR=/usr/src/linux-headers-2.6.32-5-amd64
make KERNEL_DIR=/usr/src/linux-headers-2.6.32-5-amd64 install
depmod # just to make sure
and voila:
ipset -v
ipset v4.5, protocol version 4.
Kernel module protocol version 4.
Now on to constructing the ipset blacklist and configuring Shorewall
to use it.
------
Andris
Reply to: