Add modules to iptables without compiling the kernel in kernel 2.6

Source: Internet
Author: User
I read the article platinum wrote about adding modules to iptables under the 2.4 kernel and tried the same thing on a 2.6 kernel. After a day and a half of hard work, with reference to platinum's article,
I finally succeeded, so I am writing it down to share with the CU guys. My system is Fedora 2 + linux-2.6.5-1.358.

1. Install the kernel source code.
[root@jiecho]# yum install kernel-source

2. Download iptables-1.3.3.tar.bz2 and patch-o-matic-ng-20050810.tar.bz2 and unpack them. For convenience, put them under /usr/src
and create symbolic links for the kernel source and iptables.
[root@jiecho]# cd /usr/src
[root@jiecho]# wget ftp://ftp.be.netfilter.org/pub/netfilter/iptables/iptables-1.3.3.tar.bz2
[root@jiecho]# wget ftp://ftp.be.netfilter.org/pub/netfilter/patch-o-matic-ng/snapshot/patch-o-matic-ng-20050810.tar.bz2
[root@jiecho]# tar -jxvf iptables-1.3.3.tar.bz2
[root@jiecho]# tar -jxvf patch-o-matic-ng-20050810.tar.bz2
[root@jiecho]# ln -s linux-2.6.5-1.358 linux
[root@jiecho]# ln -s iptables-1.3.3 iptables

3. Patch netfilter with the modules you want; ipp2p and time are selected here for testing.
[root@jiecho]# cd /usr/src/linux
[root@jiecho]# make mrproper
[root@jiecho]# make menuconfig
Change nothing; just save and exit, then edit the Makefile.
[root@jiecho]# vi Makefile
Change EXTRAVERSION = -1.358custom to EXTRAVERSION = -1.358
so that the version matches the one reported by uname -a (for details, see platinum's article).
[root@jiecho]# cd /usr/src/patch-o-matic-ng-20050810
[root@jiecho]# ./runme ipp2p
[root@jiecho]# ./runme time
Because the symbolic links were prepared in advance, you can simply press Enter when asked for the location of the kernel and iptables sources.
When asked whether to add the ipp2p and time modules, answer y. The netfilter patch is now complete. If you need other modules, add them in the same way.

4. Compile the kernel modules
[root@jiecho]# cd /usr/src/linux
[root@jiecho]# make menuconfig
Under Device Drivers -> Networking support -> Networking options -> Network packet filtering (replaces ipchains)
-> IP: Netfilter Configuration, select the following two items as M:
<M> time match support
<M> ipp2p match support
Save and exit.

4. Compile and install the modules
The following is the most important step. Since the whole point is to save time, we do not rebuild the kernel but compile only the modules.
The 2.4 and 2.6 kernels differ here, which had me stuck for a whole day: 2.4 kernel modules are *.o files, while 2.6 kernel modules are *.ko files.
For how this changed, see: http://blog.chinaunix.net/article.php?ArticleID=40742&blogid=2662
[root@jiecho]# make modules
HOSTCC scripts/basic/fixdep
HOSTCC scripts/basic/split-include
HOSTCC scripts/basic/docproc
HOSTCC scripts/conmakehash
HOSTCC scripts/kallsyms
CC scripts/empty.o
HOSTCC scripts/mk_elfconfig
MKELF scripts/elfconfig.h
HOSTCC scripts/file2alias.o
HOSTCC scripts/modpost.o
HOSTCC scripts/sumversion.o
HOSTLD scripts/modpost
HOSTCC scripts/pnmtologo
HOSTCC scripts/bin2c
At this point you can press Ctrl+C to abort, because we do not need to compile all the modules, which would waste time; we only need the netfilter modules.
However, running make modules SUBDIRS=net/ipv4/netfilter directly produces an error, which is a difference between 2.4 and 2.6.
Only after the series of required files under the scripts directory has been built can we run make modules SUBDIRS=net/ipv4/netfilter,
which uses modpost and the other tools to turn the *.o files into *.ko files.
[root@jiecho]# make modules SUBDIRS=net/ipv4/netfilter
After the netfilter modules have been compiled, copy them into place.
[root@jiecho]# cp /usr/src/linux/net/ipv4/netfilter/ipt_ipp2p.ko /lib/modules/2.6.5-1.358/kernel/net/ipv4/netfilter/
[root@jiecho]# cp /usr/src/linux/net/ipv4/netfilter/ipt_time.ko /lib/modules/2.6.5-1.358/kernel/net/ipv4/netfilter/
[root@jiecho]# chmod +x /lib/modules/2.6.5-1.358/kernel/net/ipv4/netfilter/ipt_ipp2p.ko
[root@jiecho]# chmod +x /lib/modules/2.6.5-1.358/kernel/net/ipv4/netfilter/ipt_time.ko
[root@jiecho]# depmod -a

5. Compile iptables
[root@jiecho]# cd /usr/src/iptables
Refer to the INSTALL file for how to compile and install.
[root@jiecho]# make KERNEL_DIR=/usr/src/linux
Compilation fails with this error:
/usr/src/linux/include/linux/config.h:6:2: #error including kernel header in userspace; use the glibc headers instead!
I searched Google for a long time without finding the cause, so I had to solve it myself.
[root@jiecho]# vi /usr/src/linux/include/linux/config.h
Comment out the following three lines:
//#ifndef __KERNEL__
//#error including kernel header in userspace; use the glibc headers instead!
//#endif

Then compile again and install.
[root@jiecho]# make KERNEL_DIR=/usr/src/linux
[root@jiecho]# make install KERNEL_DIR=/usr/src/linux
After installation, test it.
[root@jiecho]# iptables -V
[root@jiecho]# modprobe ipt_time
[root@jiecho]# modprobe ipt_ipp2p
[root@jiecho]# lsmod
ipt_time 2432 0
ipt_ipp2p 7552 0
ipt_REJECT 4736 1
ipt_state 1536 1
ip_conntrack 24968 1 ipt_state
iptable_filter 2048 1
ip_tables 13440 5 ipt_time,ipt_ipp2p,ipt_REJECT,ipt_state,iptable_filter
battery 6924 0
ipv6 184288 10
3c59x 30376 0
binfmt_misc 7176 1
nls_utf8 1536 4
ntfs 81516 4
dm_mod 33184 0
uhci_hcd 23708 0
button 4504 0
asus_acpi 8472 0
ac 3340 0
ext3 102376 4
jbd 40216 1 ext3
Test iptables
[root@jiecho]# iptables -A FORWARD -m ipp2p --edk --kazaa --bit -j DROP
[root@jiecho]# iptables -A INPUT -m time --timestart 8:00 --timestop 18:00 --days Mon,Tue,Wed,Thu,Fri
[root@jiecho]# iptables -L

I saw this post. The kernel Makefile changed a lot in 2.6, so some things no longer work the same as with the old 2.4 build method, especially module compilation.

The previous steps are fine, but you don't need to press Ctrl+C during make modules.
Use this instead:
make modules_prepare
After that SUBDIRS can be used, although 2.6 replaces it with a more concise form, so the next step is written like this:
make M=net/ipv4/netfilter

The other steps are the same.

I worked all of this out by reading the Makefile. I have used it many times without problems.
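
Step 3 requires EXTRAVERSION in the source tree to match the running kernel, because each module is stamped with the release of the tree that built it. The check below is an added example, not part of the original post; the function names, the sample Makefile lines and the vermagic string are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post): confirm that the kernel tree,
# a freshly built module and the running kernel all carry the same release.

# Print the release a kernel tree stamps into its modules, assembled from
# VERSION, PATCHLEVEL, SUBLEVEL and EXTRAVERSION in the tree's Makefile ($1).
tree_release() {
    awk -F= '
        /^VERSION[ \t]*=/      { v = $2 }
        /^PATCHLEVEL[ \t]*=/   { p = $2 }
        /^SUBLEVEL[ \t]*=/     { s = $2 }
        /^EXTRAVERSION[ \t]*=/ { e = $2 }
        END {
            gsub(/[ \t]/, "", v); gsub(/[ \t]/, "", p)
            gsub(/[ \t]/, "", s); gsub(/[ \t]/, "", e)
            print v "." p "." s e
        }' "$1"
}

# The first word of a vermagic string ($1) is the release the module targets.
vermagic_release() {
    printf '%s\n' "${1%% *}"
}

# $1 = tree Makefile, $2 = module vermagic, $3 = running release (uname -r).
# Returns 0 only when all three agree; otherwise says which side is off.
check_module_release() {
    tree=$(tree_release "$1")
    mod=$(vermagic_release "$2")
    if [ "$tree" != "$3" ]; then
        echo "tree builds $tree but kernel is $3: fix EXTRAVERSION" >&2
        return 1
    fi
    if [ "$mod" != "$3" ]; then
        echo "module targets $mod but kernel is $3: rebuild it" >&2
        return 1
    fi
    echo "ok: tree and module match $3"
}

# Constructed sample: the Makefile version lines before the edit in step 3.
sample=$(mktemp)
printf 'VERSION = 2\nPATCHLEVEL = 6\nSUBLEVEL = 5\nEXTRAVERSION = -1.358custom\n' > "$sample"
check_module_release "$sample" "2.6.5-1.358custom 686 gcc-3.3" "2.6.5-1.358" \
    || echo "mismatch caught before install"
rm -f "$sample"
# On the real system (paths from the steps above):
# check_module_release /usr/src/linux/Makefile \
#     "$(modinfo -F vermagic /usr/src/linux/net/ipv4/netfilter/ipt_time.ko)" "$(uname -r)"
```

Running the check before the cp and depmod commands in step 4 catches a stale EXTRAVERSION while the fix is still a one-line Makefile edit and a rebuild.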
