[gentoo-user] Re: ipset needs to patch the kernel?

2015-08-06 Thread James
 Meino.Cramer at gmx.de writes:


 I think the whole thing ipset consists of a kernel configuration
 and a user tool, which is available via emerge. Unfortunately, emerge
 still insists on patching the kernel, which is - according to your
 information - unnecessary.

Oops. I guess I was unclear. Configuring the kernel and rebuilding it
has the same effect as patching a version of the kernel before ipset
became part of the kernel sources. So 'patching' and 'configuring' the 
kernel are pretty much the same thing. Look at how old that sidmat code
is. It may have last had the documents updated when ipset was a kernel
patch. Many things start out as a kernel patch, before being formally
assimilated into the kernel sources.


 I unemerged ipset with emerge, fetched a new version from the
 internet, reconfigured the kernel accordingly, recompiled the
 kernel and this weekend I hopefully will have time to taste
 the soup... ;)

Ah,

net-firewall/ipset is probably different than ipset in the kernel sources.

cd /usr/src/linux

# find -name ipset -print
./net/netfilter/ipset
./include/uapi/linux/netfilter/ipset
./include/linux/netfilter/ipset


So I think we are talking about (2) different things. Maybe related, maybe
just a coincidence in names. Sorry for the murky advice. Just dig
a bit.

 http://ipset.netfilter.org/

explains the relationship


hth,
James
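
An added example (not part of James's message, nor code from any project named in the thread): a script that reads a kernel .config and reports whether the in-tree ipset options are enabled, which is the "configure instead of patch" check discussed above. The sample config is constructed; the option names are the mainline Kconfig symbols, and /usr/src/linux/.config as the real input is an assumption.

```shell
#!/bin/sh
# Added example (not from the thread): read a kernel .config and report
# whether in-tree ipset support is enabled, so no kernel patch is needed.

# ipset_state FILE: print builtin, module or missing for CONFIG_IP_SET.
ipset_state() {
    case "$(sed -n 's/^CONFIG_IP_SET=\([ym]\)$/\1/p' "$1")" in
        y) echo builtin ;;
        m) echo module ;;
        *) echo missing ;;   # absent, or "# CONFIG_IP_SET is not set"
    esac
}

# ipset_types FILE: print enabled set types, one per line, e.g. hash_ip=m.
# CONFIG_IP_SET_MAX (an integer option) is deliberately not matched.
ipset_types() {
    sed -En 's/^CONFIG_IP_SET_((BITMAP|HASH|LIST)_[A-Z_]+)=([ym])$/\1=\3/p' "$1" |
        tr 'A-Z' 'a-z'
}

# xt_set_state FILE: the iptables "set" match is a separate kernel option.
xt_set_state() {
    if grep -Eq '^CONFIG_NETFILTER_XT_SET=[ym]$' "$1"; then echo yes; else echo no; fi
}

# Constructed sample config; on a real system pass /usr/src/linux/.config.
sample_config() {
    cat <<'EOF'
CONFIG_NETFILTER=y
CONFIG_IP_SET=m
CONFIG_IP_SET_MAX=256
CONFIG_IP_SET_HASH_IP=m
CONFIG_IP_SET_HASH_NET=m
# CONFIG_IP_SET_BITMAP_PORT is not set
CONFIG_IP_SET_LIST_SET=m
# CONFIG_NETFILTER_XT_SET is not set
EOF
}

cfg="${1:-}"
if [ -z "$cfg" ]; then
    cfg="$(mktemp)"; sample_config > "$cfg"; trap 'rm -f "$cfg"' EXIT
fi
echo "ipset core: $(ipset_state "$cfg")"
echo "set types:  $(ipset_types "$cfg" | tr '\n' ' ')"
echo "xt_set:     $(xt_set_state "$cfg")"
```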








[gentoo-user] Re: ipset needs to patch the kernel?

2015-08-05 Thread James
 Meino.Cramer at gmx.de writes:


 I don't like the idea of patching the kernel in order to get some minor
 user land tools to run...

ipset has been integrated into the kernel::

'equery belongs ipset'


so you are just 'enabling' it to work. 

 Are there any other ways to achieve the same?

Yes, but it's a ton more work::

https://github.com/Olipro/ipset


Note that those files have not been touched in a while. The files
in all capitals are excellent reading to enhance your understanding
of the options. I'd google for additional and newer information on ipset,
until you are comfortable with what you are doing with ipset and sidmat.
Sorry, I have no experience with sidmat directly.


hth,
James






Re: [gentoo-user] Re: ipset needs to patch the kernel?

2015-08-05 Thread Meino . Cramer
James wirel...@tampabay.rr.com [15-08-05 17:32]:
  Meino.Cramer at gmx.de writes:
 
 
  I don't like the idea of patching the kernel in order to get some minor
  user land tools to run...
 
 ipset has been integrated into the kernel::
 
 'equery belongs ipset'
 
 
 so you are just 'enabling' it to work. 
 
  Are there any other ways to achieve the same?
 
 Yes, but it's a ton more work::
 
 https://github.com/Olipro/ipset
 
 
 Note that those files have not been touched in a while. The files
 in all capitals are excellent reading to enhance your understanding
 of the options. I'd google for additional and newer information on ipset,
 until you are comfortable with what you are doing with ipset and sidmat.
 Sorry, I have no experience with sidmat directly.
 
 
 hth,
 James
 
 
 
 

Hi James,

thanks for your reply :)

I think the whole thing ipset consists of a kernel configuration
and a user tool, which is available via emerge. Unfortunately, emerge
still insists on patching the kernel, which is - according to your
information - unnecessary.

I unemerged ipset with emerge, fetched a new version from the
internet, reconfigured the kernel accordingly, recompiled the
kernel and this weekend I hopefully will have time to taste
the soup... ;)

Best regards,
Meino