/usr/share/doc/iptables-dev/html/netfilter-extensions-HOWTO-2.html is in iptables-dev 1.4.12-1ubuntu4.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 | <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD>
<META NAME="GENERATOR" CONTENT="LinuxDoc-Tools 0.9.66">
<TITLE>Netfilter Extensions HOWTO: Patch-O-Matic</TITLE>
<LINK HREF="netfilter-extensions-HOWTO-3.html" REL=next>
<LINK HREF="netfilter-extensions-HOWTO-1.html" REL=previous>
<LINK HREF="netfilter-extensions-HOWTO.html#toc2" REL=contents>
</HEAD>
<BODY>
<A HREF="netfilter-extensions-HOWTO-3.html">Next</A>
<A HREF="netfilter-extensions-HOWTO-1.html">Previous</A>
<A HREF="netfilter-extensions-HOWTO.html#toc2">Contents</A>
<HR>
<H2><A NAME="s2">2.</A> <A HREF="netfilter-extensions-HOWTO.html#toc2">Patch-O-Matic</A></H2>
<H2><A NAME="ss2.1">2.1</A> <A HREF="netfilter-extensions-HOWTO.html#toc2.1">What is Patch-O-Matic ?</A>
</H2>
<P>Netfilter developers distribute a set of patches that they package
so that it can be used by their `patch-o-matic' (or `p-o-m') system.
p-o-m is a script that guides you through the process of choosing/selecting
the patches you want to apply, and automatically patch the kernel for you.</P>
<P>First, you should get the latest CVS tree, to be sure that you are using the
latest extensions. To do so, perform :</P>
<P>
<BLOCKQUOTE><CODE>
<PRE>
# cvs -d :pserver:cvs@pserver.netfilter.org:/cvspublic login
(When it asks you for a password type `cvs').
# cvs -d :pserver:cvs@pserver.netfilter.org:/cvspublic co netfilter/userspace netfilter/patch-o-matic
</PRE>
</CODE></BLOCKQUOTE>
</P>
<P>This will create the toplevel directory `netfilter/', and will
check out all the files inside for you :</P>
<P>
<BLOCKQUOTE><CODE>
<PRE>
# ls -l netfilter/
total 3
drwxr-xr-x 2 root root 160 Nov 7 14:48 CVS/
drwxr-xr-x 13 root root 488 Nov 7 14:54 patch-o-matic/
drwxr-xr-x 9 root root 864 Nov 7 14:48 userspace/
</PRE>
</CODE></BLOCKQUOTE>
</P>
<P>Make sure your kernel source is ready in `/usr/src/linux/'.
If for whatever reason the kernel you want to patch is not
in `/usr/src/linux/' then you can make the variable KERNEL_DIR
point to the patch where your kernel is :</P>
<P>
<BLOCKQUOTE><CODE>
<PRE>
# export KERNEL_DIR=/the/path/linux
</PRE>
</CODE></BLOCKQUOTE>
</P>
<P>Make sure the dependencies are made already. If unsure :</P>
<P>
<BLOCKQUOTE><CODE>
<PRE>
# cd /usr/src/linux/
# make dep
</PRE>
</CODE></BLOCKQUOTE>
</P>
<P>Then you can go back to the netfilter directory, in the `patch-o-matic/' directory.
You can now invoke p-o-m.</P>
<H2><A NAME="ss2.2">2.2</A> <A HREF="netfilter-extensions-HOWTO.html#toc2.2">Running Patch-O-Matic</A>
</H2>
<P>While in the `patch-o-matic/' directory, let's run p-o-m :</P>
<P>
<BLOCKQUOTE><CODE>
<PRE>
# ./runme extra
Welcome to Rusty's Patch-o-matic!
Each patch is a new feature: many have minimal impact, some do not.
Almost every one has bugs, so I don't recommend applying them all!
-------------------------------------------------------
Already applied: 2.4.1 2.4.4
Testing... name_of_the_patch NOT APPLIED ( 2 missing files)
The name_of_the_patch patch:
Here usually is the help text describing what
the patch is for, what you can expect from it,
and what you should not expect from it.
Do you want to apply this patch [N/y/t/f/q/?]
</PRE>
</CODE></BLOCKQUOTE>
</P>
<P>p-o-m will go through most of the patches. If they are already applied,
you will see so on the `Already applied:' first line. If they are not applied
yet, it will display the name of the patch with some explanations.
p-o-m will tell you what is going on : `NOT APPLIED ( n missing files)' simply means
the patch has not been applied yet, whereas `NOT APPLIED ( n rejects out of n hunks)'
generally means that :
<OL>
<LI>Either the patch cannot be applied cleanly...</LI>
<LI>...Or the patch has already been included in the kernel you are trying to patch.</LI>
</OL>
</P>
<P>Finally it will prompt you to decide whether or not to patch it.</P>
<P>
<UL>
<LI>Simply press enter if you do not want to apply it.</LI>
<LI>Type `y' if you want p-o-m to test the patch and apply it,
if the attempt fail then it will tell you so and prompt you again for confirmation.
If not, the patch will be applied, and you will see the name of the patch
on the `Already Applied' line.</LI>
<LI>Type `t' if you just want to test if the patch would apply normally.</LI>
<LI>Type `f' if you
want to force p-o-m to apply the patch.</LI>
<LI>Finally type `q' if you want to quit p-o-m.</LI>
</UL>
</P>
<P>A rule of thumb is to read carefully the little explanation text of each patch
before actually applying it. As there are currently a LOT of official patches for patch-o-matic
(and probably more unofficial ones), it is not recommended to apply them all !
You should really consider applying only the ones you need, even if it means recompiling
netfilter when you need more patches later on.</P>
<P>Patch-o-matic in fact, is mainly the `runme' shell script. If you run it without arguments, it will
display its help message :</P>
<P>
<BLOCKQUOTE><CODE>
<PRE>
Usage: ./runme [--batch] [--reverse] [--exclude suite/patch-file ...] suite|suite/patch-file
--batch batch mode, automatically applying patches
--reverse back out the selected patches
--exclude excludes the named patches
</PRE>
</CODE></BLOCKQUOTE>
</P>
<P>The patches are contained in `patch-o-matic/pending/', `patch-o-matic/base', etc.. Here, `pending' and `base'
are two suite names. ls the `patch-o-matic' directory to see all the suites. Example of `runme' commands :</P>
<P>
<BLOCKQUOTE><CODE>
<PRE>
./runme --batch pending
./runme --batch userspace/ipt_REJECT-fake-source.patch
</PRE>
</CODE></BLOCKQUOTE>
</P>
<P>The first command will attempt to apply all the patches from submitted suite,
then the pending suite (we explain further why two suites). The second command
will only apply the patch `ipt_REJECT-fake-source.patch' from the userspace suite.</P>
<P>The most relevant patches `suites' or repositories are (in their order or application) :
<UL>
<LI>submitted</LI>
<LI>pending</LI>
<LI>base</LI>
<LI>extra</LI>
<LI>userspace</LI>
</UL>
</P>
<P>When you instruct `./runme' to apply patches from the `extra/' patch repository it will first
present you with the patches from the `submitted/', `pending/', and `base/' directories.
Each suite, maintain a file named `SUITE' that instruct p-o-m of the order in which
it should attempt to apply the patches. For example, what I explained above is written
in the `userspace/' repository's `SUITE' file :</P>
<P>
<BLOCKQUOTE><CODE>
<PRE>
# cat userspace/SUITE
submitted pending base extra userspace
</PRE>
</CODE></BLOCKQUOTE>
</P>
<H2><A NAME="ss2.3">2.3</A> <A HREF="netfilter-extensions-HOWTO.html#toc2.3">So what's next ?</A>
</H2>
<P>Once you have applied all the patches you wished to apply, the next step is recompile
your kernel and install it. This HOWTO will not explain how to do this. Instead, you
can read the
<A HREF="http://www.linuxdoc.org/HOWTO/Kernel-HOWTO.html">Linux Kernel HOWTO</A>.</P>
<P>While configuring your kernel, you will see new options in
``Networking Options -> Netfilter Configuration''. Choose the options
you need, recompile & install your new kernel.</P>
<P>Once your new kernel is installed, you can go ahead and compile and install the ``iptables''
package, from the `userspace/' directory as follows :</P>
<P>
<BLOCKQUOTE><CODE>
<PRE>
# make all install
</PRE>
</CODE></BLOCKQUOTE>
</P>
<P>That's it ! Your new shiny iptables package is installed ! Now it's time
to use these brand new functionalities.</P>
<HR>
<A HREF="netfilter-extensions-HOWTO-3.html">Next</A>
<A HREF="netfilter-extensions-HOWTO-1.html">Previous</A>
<A HREF="netfilter-extensions-HOWTO.html#toc2">Contents</A>
</BODY>
</HTML>
|