Hello, On Tue, 2 Oct 2007, KOVACS Krisztian wrote:
Netfilter connection tracking requires all IPv4 packets to be defragmented. Both the socket match and the TPROXY target depend on this functionality, so this patch separates the Netfilter IPv4 defrag hooks into a separate module.
With this patch taken from: http://people.netfilter.org/hidden/tproxy/tproxy4-2.6.23-200710090922.tar.bz2 with: # CONFIG_NF_CONNTRACK_ENABLED is not set # CONFIG_NF_CONNTRACK is not set I get: net/ipv4/netfilter/nf_defrag_ipv4.c: In function 'ipv4_conntrack_defrag': net/ipv4/netfilter/nf_defrag_ipv4.c:44: error: 'struct sk_buff' has no member named 'nfct' make[3]: *** [net/ipv4/netfilter/nf_defrag_ipv4.o] Error 1 make[2]: *** [net/ipv4/netfilter] Error 2 make[1]: *** [net/ipv4] Error 2 This is not a surprise since: --- cut here --- #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) struct nf_conntrack *nfct; struct sk_buff *nfct_reasm; #endif --- cut here --- Best regards, Krzysztof Olędzki
