• Home
  • Help
  • Search
  • Login
  • Register
Pages: [1]
Author Topic: Netfilter Issues Getting xt_state.ko (2.6.30rc1-rc3)  (Read 2568 times)
NAVNG
Newbie
*

Karma: 0
Posts: 2


View Profile
« on: April 24, 2009, 06:13:52 PM »

I'm attempting to recompile the kernel to enable full IP Tables for Shorewall.

The shipping kernel didn't have any netfilter support; so I grabbed 2.6.30rc1 source and turned all the netfilter stuff on as modules.  The new kernel worked great; I moved over the new kernel modules I compiled and they'd load but Shorewall still failed to start.  Some tracking down led me to ensure I had xt_state.ko; and I didn't.  It doesn't appear to exist in any of the 2.6.30rc1-rc3 versions when basing off the kirkwood_defconfig:


Now, if I use the config of the kernel of my host machine (the one Ubuntu kindly puts in /boot) the netfilter options include state:


I tried manually adding the 'CONFIG_NETFILTER_XT_MATCH_STATE=m' line to my .config between 'CONFIG_NETFILTER_XT_MATCH_SCTP=m' and 'CONFIG_NETFILTER_XT_MATCH_STATISTIC=m' (which is where it appears it *should* be), but 'make -j2 ARCH=arm CROSS_COMPILE=/plug/arm-2008q3/bin/arm-none-eabi- uImage' decides the .config is broken (and restarts configuration).

I'm not especially experienced with cross-compiling Linux kernels so perhaps there is a trick I'm missing.  Or perhaps ARM just doesn't support this particular module, though I can't think of a good reason why that might be the case.  I'd appreciate any input folks may have on the topic.
« Last Edit: April 24, 2009, 06:16:42 PM by NAVNG » Logged

rshitrit
Global Moderator
Newbie
*****

Karma: 0
Posts: 14


View Profile
« Reply #1 on: April 27, 2009, 09:40:42 AM »

grep for NETFILTER_XT_MATCH_STATE on the kernel Kconfig files (probably the one under "net/") and check on what is it depended on and follow it...
Logged

NAVNG
Newbie
*

Karma: 0
Posts: 2


View Profile
« Reply #2 on: April 27, 2009, 02:56:14 PM »

grep for NETFILTER_XT_MATCH_STATE on the kernel Kconfig files (probably the one under "net/") and check on what is it depended on and follow it...
Ah, looks like it required NET && INET && NETFILTER && NETFILTER_XTABLES && NF_CONNTRACK and I was missing NF_CONNTRACK.  This is what happens when you get used to using someone else's kernel config.

Thanks.
Logged

Pages: [1]
Print
Jump to: