On Sun, 12 Sep 2004 13:33:41 -0700, Kenneth Porter wrote:

> I wanted to try the experimental TARPIT module from netfilter, and because
> it's experimental, neither the upstream kernel team nor Red Hat will
> incorporate this into the stock kernel. This is of course perfectly
> reasonable.
>
> But since netfilter modules are kernel modules, it seems like it should be
> straightforward to package them as free-standing packages. Has anyone tried
> to do this? What success have you had?
>
> Another factor is that the kernel module will need matching machinery in
> the iptables userspace program to select the module and parse its options.
> (eg. for TARPIT, it would parse the "-j TARPIT" command.) I believe
> currently this requires a recompile of the utility. Has any work been done
> to make this more modular, with runtime selection of additional parsing
> routines? That would allow the userspace parsing piece to be supplied in
> the kernel module package to be dropped in a suitable directory for use at
> runtime.

Last time I looked at it, the iptables userspace tarball used hidden
scripts to examine the kernel source code tree for what's available.
That was with kernel 2.4.x and FC1, though.

-- 
Fedora Core release 2 (Tettnang) - Linux 2.6.8-1.521
loadavg: 1.38 1.19 1.07