=================
CC [M] /root/ipset-4.4/kernel/ipt_set.o
/root/ipset-4.4/kernel/ipt_set.c: In function `ipt_ipset_init':
/root/ipset-4.4/kernel/ipt_set.c:244: warning: implicit declaration of
function `ipt_register_match'
/root/ipset-4.4/kernel/ipt_set.c: In function `ipt_ipset_fini':
/root/ipset-4.4/kernel/ipt_set.c:249: warning: implicit declaration of
function `ipt_unregister_match'
================
No, you cannot solve the compatibility that way. Please write back the
kernel version check to KERNEL_VERSION(2,6,16) and manually modify all
xt_register_match|target, xt_unregister_match|target calls in ipt_set.c
and ipt_SET.c speficying two arguments, the first one filled out as
AF_INET, eg:
static int __init ipt_ipset_init(void)
{
return xt_register_match(AF_INET, &set_match);
}
That is exactly what I did, and it compiled without error. After that I
did KERNEL_DIR=... make install and installed the whole thing.
HOWEVER, it still does not work!
After reboot, when I try 'ipset --version' it tells me it does not know
the kernel version, so I looked at /lib/modules/2.6.16.60/ and saw that
in a directory called 'extra' there were all the ipset modules sitting.
So what I did is modprobe all .ko files to load them into the memory.
lsmod confirmed it that they are loaded without errors.
So, hopeful that I finally cracked it I executed 'iptables -I blacklist
1 -m set --match-set test dst -j DROP' (I created the treemap called
'test' prior to that) and got this message:
iptables v1.3.7: Unknown arg `--match-set'
Try `iptables -h' or 'iptables --help' for more information.
Looked in /usr/lib/iptables/ and there are two additional files
libipt_set.so and libipt_SET.so, which were installed by the newly
compiled version of iptables so don't know why it does not work!
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
