F15_64: missing iptable_filter

JB jb.1234abcd at gmail.com
Tue Nov 8 20:08:16 UTC 2011 

T.C. Hollingsworth <tchollingsworth <at> gmail.com> writes:

> 
> On Tue, Nov 8, 2011 at 10:53 AM, JB <jb.1234abcd <at> gmail.com> wrote:
> > T.C. Hollingsworth <tchollingsworth <at> gmail.com> writes:
> >
> >>
> >> On Tue, Nov 8, 2011 at 8:05 AM, Michael D. Berger <m.d.berger <at> ieee.org>
> > wrote:
> >> > On my new F15_64, modprobe cannot find "iptable_filter". Also,
> >> >   find /lib -iname "*iptables*filter*"
> >> > finds nothing.
> >>
> >> iptables support is compiled into Fedora kernels and is always
> >> available, therefore no module exists.
> >>
> >> -T.C.
> >
> > That's true, but you spoiled his searching/learning process. And mine too 
> 
> Well, to convert it back into a teaching moment: you can figure out if
> modules are compiled into the kernel by checking the kernel config
> file.  You can find Fedora's here:
> http://pkgs.fedoraproject.org/gitweb/?p=kernel.git;a=blob;f=config-generic
> 
> -T.C.

But it is not always easy/obvious what name to look for in kernel config file:
$ grep -i filter /boot/config-2.6.35.14-103.fc14.i686
...
< quite many results >
...

If first looking at kernel source code:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=tree;f=net/ipv4/netfilter;hb=HEAD

you can confirm the existence of that module file:
drwxr-xr-x 	  	.. 	
-rw-r--r-- 	11796 	Kconfig 	blob | history | raw
-rw-r--r-- 	2414 	Makefile 	blob | history | raw
...
-rw-r--r-- 	3158 	iptable_filter.c 	blob | history | raw
...

and then you can look up that kernel config file Kconfig:
...
94 # `filter', generic and specific targets
95 config IP_NF_FILTER
96         tristate "Packet filtering"
97         default m if NETFILTER_ADVANCED=n
98         help
99           Packet filtering defines a table `filter', which has a series of
100           rules for simple packet filtering at local input, forwarding and
101           local output.  See the man page for iptables(8).
102
103           To compile it as a module, choose M here.  If unsure, say N.
...

which may not be so obvious to associate with our iptable_filter.c file name.
Only then you can get at it precisely:
$ grep -i IP_NF_FILTER /boot/config-2.6.35.14-103.fc14.i686 CONFIG_IP_NF_FILTER=y
and see that it is compiled in.

In other cases it could be worse than that. We depend on the mercy of a kernel
hacker with regard to clarity of description and naming conventions.

JB

More information about the users mailing list