在Debian 上编译内核2.6.26.3加入Layer7模块
系统信息:
OS : Debian
KERNEL:2.6.26.2
- root #apt-get install debhelper modutils kernel-package libncurses5-dev fakeroot
- root #apt-get install gcc g++ make
因为Debian系统的内核编译跟RedHat有所不同,它在编译的时候会需要make-kpkg和fakeroot[可选]命令,因此需要安装以上的软件包才行!
第二步,下载并解开所需的源代码软件到相应的位置:
要编译内核并加入layer7模块,必须需要以下的软件的源代码:
- linux kernel source
- iptables source
- l7-filter patch
- l7-filter protocols
我选用的以上软件的版本如下:
- kernel:2.6.26.3
- iptables:1.4.3
- l7-filter patch:2.2
- l7-filter protocols:2009-05-28
同时,已经有的旧版本是
- kernel:2.6.26.2
- iptables:1.4.2
完整下载如下:
root # wget ftp://ftp.tw.kernel.org/pub/linux/kernel/v2.6/linux-2.6.26.3.tar.bz2 root # wget ftp://ftp.netfilter.org/pub/iptables/iptables-1.4.3.tar.bz2 root # wget http://nchc.dl.sourceforge.net/sourceforge/l7-filter/netfilter-layer7-v2.22.tar.gz root # wget http://nchc.dl.sourceforge.net/sourceforge/l7-filter/l7-protocols-2009-05-28.tar.gz
或者通过以下网站下载
The 2.4 or 2.6 Linux kernel source (2.6 strongly preferred) from kernel.org(http://kernel.org/)The iptables source from netfilter.org(http://netfilter.org/)Our "l7-filter kernel version(http://sourceforge.net/project/showfiles.php?group_id=80085)" package (netfilter-layer7-vX.Y.tar.gz)Our "Protocol definitions(http://sourceforge.net/project/showfiles.php?group_id=80085)" package (l7-protocols-YYYY-MM-DD.tar.gz)
按我的习惯,将这些软件解压到:/usr/local/src/Layer7下面:
因为是编译新的内核,我习惯将编译内核的源代码放在/usr/src下面,并建一个新的目录kernels,
- root #cd /usr/src
- root #mkdir kernels
- root #cd kernels
解开要用的软件包到 /usr/src/kernels下面:
- root#tar -jxvf /usr/local/src/Layer7/linux-2.6.26.3.tar.bz2
- root#tar -zxvf /usr/local/src/Layer7/iptables-1.4.3.tar.gz
- root#tar -zxvf /usr/local/src/Layer7/netfilter-layer7-v2.22.tar.gz
- root#tar -zxvf /usr/local/src/Layer7/l7-protocols-2009-05-28.tar.gz
第三步,将Layer7加入新的内核中并进行编译:
为了方便,做一个符号链接,并进入新内核源代码的目录:
- root#ln -s linux-2.6.26.3 linux
- root#cd linux
如果你要用延续使用旧版本内核中的模块中的功能,你要将/boot/config-kernel-version文件copy到当前的内核目录,并命名为.config
- root#cp /boot/config-2.6.26-2-amd64 ./.config
为内核源代码打上layer7的补丁:
- root#patch -p1 < ../netfilter-layer7-v2.22/kernel-2.6.25-2.6.28-layer7-2.22.patch
结果如下:
- patching file net/netfilter/Kconfigpatching
- file net/netfilter/Makefilepatching
- file net/netfilter/xt_layer7.cpatching
- file net/netfilter/regexp/regexp.cpatching
- file net/netfilter/regexp/regexp.hpatching
- file net/netfilter/regexp/regmagic.hpatching file net/netfilter/regexp/regsub.cpatching
- file net/netfilter/nf_conntrack_core.cpatching
- file net/netfilter/nf_conntrack_standalone.cpatching
- file include/net/netfilter/nf_conntrack.hpatching
- file include/linux/netfilter/xt_layer7.h
为内核选择layer7及相关的模块:
- root #make menuconfig
选项如下:
- General setup --->
- [*] Prompt for development and/or incomplete code/drivers Networking --->
- Networking options --->
- [*] Network packet filtering framework (Netfilter) --->
- Core Netfilter Configuration --->
- <M> Netfilter connection tracking support
- -*- Connection tracking flow accounting
- -*- Connection mark tracking support
- [*] Connection tracking security mark support
- [*] Connection tracking events (EXPERIMENTAL)
- <M> SCTP protocol connection tracking support (EXPERIMENTAL)
- <M> UDP-Lite protocol connection tracking support (EXPERIMENTAL)
- <M> Amanda backup protocol support
- <M> FTP protocol support
- <M> H.323 protocol support (EXPERIMENTAL)
- <M> IRC protocol support
- <M> NetBIOS name service protocol support (EXPERIMENTAL)
- <M> PPtP protocol support
- <M> SANE protocol support (EXPERIMENTAL)
- <M> SIP protocol support (EXPERIMENTAL)
- <M> TFTP protocol support
- <M> Connection tracking netlink interface (EXPERIMENTAL)
- {M} Netfilter Xtables support (required for ip_tables)
- <M> "CLASSIFY" target support
- <M> "CONNMARK" target support
- <M> "DSCP" target support
- <M> "MARK" target support
- <M> "NFQUEUE" target Support
- <M> "NFLOG" target support
- <M> "NOTRACK" target support
- <M> "TRACE" target support
- <M> "TRACE" target support
- <M> "SECMARK" target support
- <M> "CONNSECMARK" target support
- <M> "TCPMSS" target support
- <M> "comment" match support
- <M> "connbytes" per-connection counter match support
- <M> "connlimit" match support"
- <M> "connmark" connection mark match support
- <M> "conntrack" connection tracking match support
- <M> "DCCP" protocol match support
- <M> "DCCP" protocol match support
- <M> "DSCP" match support
- <M> "ESP" match support
- <M> "helper" match support
- <M> "length" match support
- <M> "limit" match support
- <M> "mac" address match support
- <M> "mark" match support
- <M> IPsec "policy" match support
- <M> Multiple port match support
- <M> "physdev" match support
- <M> "pkttype" packet type match support
- <M> "quota" match support
- <M> "realm" match support
- <M> "sctp" protocol match support (EXPERIMENTAL)
- <M> "state" match support
- <M> "layer7" match support
- [*] Layer 7 debugging output
- <M> "statistic" match support
- <M> "string" match support
- <M> "tcpmss" match support
- <M> "time" match support
- <M> "u32" match support
- <M> "hashlimit" match support
- IP: Netfilter Configuration --->
- <M> IPv4 connection tracking support (required for NAT)
- [*] proc/sysctl compatibility with old connection tracking (NEW
- <M> IP Userspace queueing via NETLINK (OBSOLETE)
- <M> IP tables support (required for filtering/masq/NAT)
- <M> IP range match support
- <M> TOS match support
- <M> recent match support
- <M> ECN match support
- <M> AH match support
- <M> TTL match support
- <M> Owner match support
- <M> address type match support
- <M> Packet filtering
- <M> REJECT target support
- <M> LOG target support
- <M> ULOG target support
- <M> Full NAT (NEW)
- <M> MASQUERADE target support
- <M> REDIRECT target support
- <M> NETMAP target support
- <M> SAME target support (OBSOLETE)
- <M> Basic SNMP-ALG support (EXPERIMENTAL)
- <M> Packet mangling
- <M> TOS target support
注意,刚开始时,我一直找不到:<M> "layer7" match support 和 [*] Layer 7 debugging output 这两个模块,浪费了很多时间,后来发现是因为这两个模块是属于:<> Netfilter connection tracking support 这个模块,因此得先选择<M> Netfilter connection tracking support 这样下面才有Layer7及相关模块!
其中time模块就是可以通过iptables可以控制上网的时间等功能,就是时间控制的模块!
相关推荐
菜鸟上路CCLinux 2020-11-04
xiaoemo0 2020-08-09
84931231 2020-07-30
82941732 2020-07-27
wh0 2020-07-27
taianxiaojia 2020-07-15
mattraynor 2020-06-25
82941732 2020-06-11
安得情怀似旧时 2020-06-08
libra0 2020-06-01
84931231 2020-05-06
Summer的小屋 2020-03-26
82941732 2020-03-10
82941732 2020-03-04
咏月东南 2020-02-25
zhongcanw 2020-02-22