On Sun, Sep 12, 2004 at 01:33:41PM -0700, Kenneth Porter wrote:
> I wanted to try the experimental TARPIT module from netfilter, and because
> it's experimental, neither the upstream kernel team nor Red Hat will
> incorporate this into the stock kernel. This is of course perfectly
> reasonable.
>
> But since netfilter modules are kernel modules, it seems like it should be
> straightforward to package them as free-standing packages. Has anyone tried
> to do this? What success have you had?
>
> Another factor is that the kernel module will need matching machinery in
> the iptables userspace program to select the module and parse its options.
> (eg. for TARPIT, it would parse the "-j TARPIT" command.) I believe
> currently this requires a recompile of the utility. Has any work been done
> to make this more modular, with runtime selection of additional parsing
> routines? That would allow the userspace parsing piece to be supplied in
> the kernel module package to be dropped in a suitable directory for use at
> runtime.

It's also modular, using shared libraries (/lib/iptables/*.so).

--
Consciousness: that annoying time between naps.