BTW, in general is it better to use in-kernel modules or kernel modules
bundled with ipset? Personally I'd better pushed required patches into
our kernels and suggested users to use them, but where it's better to
pull such patches from?
My own personal preference since last year has been to integrate the
kernel modules as part of the kernel built and then use modified .spec
file to build ipset (the userspace executable).
There are a couple of reasons for this, not least because every time I
need to build/change the kernel (and that happens more often than
building ipset - at least in my case, as I am testing different things
in the kernel for different machines at one time) I have to reinstall
the buildsys packages (I use Fedora) and tailor them for the new kernel
in order to allow ipset kernel modules to be built, then rebuild ipset
(userspace) as well - too much hassle.
What I do to avoid all that is create a patch based on the ipset kernel
module sources as well as the ipset Kconfig/Kbuild menu options and then
integrate that patch as part of the kernel built. That has never failed
except the last time with the above version of ipset, but Jozsef
provided a quick work-around and I am happy with it - it works!
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
