This file contains instructions for downloading and building the kernel
modules for connection tracking of RPC traffic. We give an example for a
Debian Etch 4.0 R3 distribution.

Prerequisites:
--------------

You downloaded the kernel sources
    http://www.eu.kernel.org/pub/linux/kernel/v2.6/linux-2.6.18.tar.bz2
to directory ~/Netfilter/Downloads

You downloaded the iptables sources
    ftp://ftp.netfilter.org/pub/iptables/iptables-1.3.6.tar.bz2
to directory ~/Netfilter/Downloads

You have a functional kernel build environment on your machine.

Note: if you have installed the kernel-package on your Debian machine
consult /usr/share/doc/kernel-package/README.gz for some background.

You need at least the following packages installed
    fakeroot
    kernel-package
    linux-source-2.6.18
    linux-tree-2.6.18
    shellutils
    bin86
    libncurses-dev (libncurses5-dev)

Unpack the iptables sources
---------------------------

    $ mkdir -p ~/Netfilter/Sources/
    $ rm -rf ~/Netfilter/Sources/iptables-1.3.6
    $ cd ~/Netfilter/Sources/
    $ tar xjf ~/Netfilter/Downloads/iptables-1.3.6.tar.bz2

Download the patch-o-matic patch environment
--------------------------------------------

    $ mkdir -p ~/Netfilter/POM
    $ rm -rf ~/Netfilter/POM/patch-o-matic-ng.download
    $ cd ~/Netfilter/POM
    $ svn co https://svn.netfilter.org/netfilter/trunk/patch-o-matic-ng \
          patch-o-matic-ng.download

Prepare the symlink farming
---------------------------

This allows for separation of pristine kernel sources and patched versions.

    $ cd $HOME
    $ mkdir -p $HOME/MyKernels/Standard

The following commands must be executed as root

    $ su -
    # HOME=
    # cp /etc/kernel-pkg.conf /etc/kernel-pkg.conf.orig
    # echo "MODULE_LOC=$HOME/MyKernels/Standard/modules" >> /etc/kernel-pkg.conf
    # perl -pi -e 's/^maintainer.*/maintainer := /g' /etc/kernel-pkg.conf
    # perl -pi -e 's/^email.*/email := /g' /etc/kernel-pkg.conf
    # echo 'debian := 5:501c' >> /etc/kernel-pkg.conf
    # mkdir -p $HOME/MyKernels/Standard/modules
    # chown -R : $HOME/MyKernels/Standard/modules
    # exit

END as root

Unpack the kernel sources
-------------------------

    $ cd $HOME/MyKernels/Standard/
    $ rm -rf linux-2.6.18
    $ tar xjf ~/Netfilter/Downloads/linux-2.6.18.tar.bz2

Perform the symlink farming for your kernel version
---------------------------------------------------

    $ myflavour=my.2.6.18.pom.rpc
    $ rm -rf $HOME/MyKernels/Standard/$myflavour
    $ mkdir -p $HOME/MyKernels/Standard/$myflavour
    $ cd $HOME/MyKernels/Standard/$myflavour
    $ lndir ../linux-2.6.18

Apply the POM patches to your kernel
------------------------------------

Note: due to the above symlink farming the original kernel sources will
not be patched. All patches are applied to the linked version below
$HOME/MyKernels/Standard/$myflavour

    $ myflavour=my.2.6.18.pom.rpc
    $ cd ~/Netfilter/POM/patch-o-matic-ng.download
    # check that you are really up-to-date
    $ svn status -u
    $ svn update

Check that the sources.list file contains the link to the external
repository for the rpc modules
    http://people.netfilter.org/regens/pom/

Remove old versions of the rpc patchlet

    $ rm -rf ~/Netfilter/POM/patch-o-matic-ng.download/patchlets/rpc

Now we download the sources from the external repositories listed in
file sources.list and apply 'pending' patches.

    $ KERNEL_DIR=$HOME/MyKernels/Standard/$myflavour \
      IPTABLES_DIR=$HOME/Netfilter/Sources/iptables-1.3.6 \
      ./runme --download --batch pending

The next command applies the external patchlet 'rpc'

    $ KERNEL_DIR=$HOME/MyKernels/Standard/$myflavour \
      IPTABLES_DIR=$HOME/Netfilter/Sources/iptables-1.3.6 \
      ./runme --batch rpc

Check the applied patches in the sym-linked tree

    $ ls $HOME/MyKernels/Standard/$myflavour/net/ipv4/netfilter
    $ ls $HOME/MyKernels/Standard/$myflavour/include/linux/netfilter_ipv4

Configure your patched kernel
-----------------------------

    $ myflavour=my.2.6.18.pom.rpc
    $ cd $HOME/MyKernels/Standard/$myflavour
    $ make menuconfig

Just exit and save

    $ cp .config config.base

Now do the real config. Add RPC conntrack

    $ make menuconfig

    Symbol: IP_NF_MATCH_RPC [=m]
    Prompt: RPC match support
      Defined at net/ipv4/netfilter/Kconfig:684
      Depends on: NET && INET && NETFILTER && IP_NF_CONNTRACK && IP_NF_IPTABLES
      Location:
        -> Networking
          -> Networking support (NET [=y])
            -> Networking options
              -> Network packet filtering (replaces ipchains) (NETFILTER [=y])
                -> IP: Netfilter Configuration

    $ cp .config config.pom.rpc
    $ diff config.base config.pom.rpc
    4c4
    < # Tue Apr 15 18:56:53 2008
    ---
    > # Tue Apr 15 18:57:30 2008
    580c580
    < # CONFIG_IP_NF_MATCH_RPC is not set
    ---
    > CONFIG_IP_NF_MATCH_RPC=m

Compile the kernel and build a portable kernel image .deb file
--------------------------------------------------------------

    $ myflavour=my.2.6.18.pom.rpc
    $ cd $HOME/MyKernels/Standard/$myflavour

If you do not have the Debian kernel build environment do whatever is
appropriate for the kernel build environment of your distribution.

On the Debian machine we execute the following commands

    $ make-kpkg clean
    $ fakeroot make-kpkg --initrd --revision=3:pom.2.6.18.rpc.1 kernel_image \
          2>&1 | tee build.log

Install the portable kernel image .deb file on some (other) machine
-------------------------------------------------------------------

After a successful build the package for the kernel image is available in
    ~/MyKernels/Standard/linux-image-2.6.18_pom.2.6.18.rpc.1_i386.deb

Copy that package to the other Debian machine into, e.g.
    /usr/src/linux-image-2.6.18_pom.2.6.18.rpc.1_i386.deb

On the other Debian machine do as root

    $ mv /lib/modules/2.6.18 /lib/modules/save.2.6.18
    $ dpkg -i /usr/src/linux-image-2.6.18_pom.2.6.18.rpc.1_i386.deb
    $ /usr/sbin/update-grub

Now reboot the machine and test your new kernel with RPC connection tracking.

Have fun!
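
The result of the "Configure your patched kernel" step can be checked before starting the long kernel build. The following shell functions are an added example, not part of the original instructions: they read a .config and confirm that IP_NF_MATCH_RPC is built as a module and that the dependencies listed in the menuconfig help are enabled. The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: check a kernel .config for RPC conntrack before make-kpkg.
# Symbol names are taken from the menuconfig help text quoted above;
# the function names are hypothetical.

# Print y or m if CONFIG_<symbol> is enabled in the file, otherwise n.
config_value() {   # $1 = path to .config, $2 = symbol without CONFIG_ prefix
    val=$(sed -n "s/^CONFIG_$2=\([ym]\)\$/\1/p" "$1" | head -n 1)
    echo "${val:-n}"
}

# Return 0 if RPC match is =m and every dependency is enabled,
# 1 if something is missing, 2 if the file cannot be read.
check_rpc_config() {
    cfg=$1
    [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; return 2; }
    rc=0
    for sym in NET INET NETFILTER IP_NF_CONNTRACK IP_NF_IPTABLES; do
        if [ "$(config_value "$cfg" "$sym")" = n ]; then
            echo "dependency not enabled: CONFIG_$sym" >&2
            rc=1
        fi
    done
    if [ "$(config_value "$cfg" IP_NF_MATCH_RPC)" != m ]; then
        echo "CONFIG_IP_NF_MATCH_RPC is not built as a module" >&2
        rc=1
    fi
    return "$rc"
}

# Constructed sample input (a fragment, not a real kernel config).
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
CONFIG_NET=y
CONFIG_INET=y
CONFIG_NETFILTER=y
CONFIG_IP_NF_CONNTRACK=m
CONFIG_IP_NF_IPTABLES=m
CONFIG_IP_NF_MATCH_RPC=m
EOF

if check_rpc_config "$sample"; then
    echo "sample config: RPC conntrack options are set"
fi
# On the build machine:
#   check_rpc_config "$HOME/MyKernels/Standard/$myflavour/.config"
```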