After emerging iptables (tried both 1.3.4 and new-unstable 1.3.5) I can't get to the functionality of the psd matching module, which is described in "man iptables". Iptables were emerged with "+extensions +ipv6 -static" and kernel used was gentoo-sources, I tried both 2.6.15-r1 and latest 2.6.16 versions, both with the same results. Whenever I have tried to match anything like: $IPTABLES -A INPUT -i eth0 -p TCP -m psd ... I got an error: iptables v1.3.5: Couldn't load match `psd':/lib/iptables/libipt_psd.so: cannot open shared object file: No such file or directory I have checked that directory myself and there is indeed no libipt_psd.so I have compiled practically everything regarding netfilters and networking in kernel as a module, but i can't find any module containing "psd" in its name nor any option with "psd" in config file in gentoo-sources. I have tried this on x86 (Dual PEntium III) and x64_86 (Dual Opteron) with same results...
you neglected to post `emerge info` also, run `emerge iptables >& log` and post the log as an attachment
Created attachment 82823 [details] results of "emerge iptables" output
k ...
your kernel lacks PSD support thus no PSD module was built
(In reply to comment #4) > your kernel lacks PSD support thus no PSD module was built > (In reply to comment #4) > your kernel lacks PSD support thus no PSD module was built > But there is no option to enable psd support in gentoo-sources kernel...
that's because we dont offer such patched kernel sources anymore you'll need to patch the kernel yourself ... look in the iptables patch-o-matic for patches
(In reply to comment #6) > that's because we dont offer such patched kernel sources anymore > > you'll need to patch the kernel yourself ... look in the iptables patch-o-matic > for patches > Sh*t. Maybe it wouldn't be a bad idea to change warning in the iptables ebuild itself ? Something like "for missing modules, you'll have to use patch-o-matic from www.xyz.org/sgsdf" or somesuch. I never used patch-o-matic in the past and having the stable gentoo-sources and iptables it didn't occur to me that this might not be my error... When emerging stable stuff, one does not expect things to not work, especially if they have been built without errors...
the iptables package contains a lot of experimental userspace modules for experimental kernel code that has not been integrated yet we dont do heavy custom patchsets anymore of the linux kernel
(In reply to comment #8) > the iptables package contains a lot of experimental userspace modules for > experimental kernel code that has not been integrated yet > > we dont do heavy custom patchsets anymore of the linux kernel > I'm not saying that anything with this decision is wrong. Just that it might be wise to mention this to the user at the appropriate moment, like just before "emerge iptables" finishes...
*** Bug 127126 has been marked as a duplicate of this bug. ***
(In reply to comment #8) > the iptables package contains a lot of experimental userspace modules for > experimental kernel code that has not been integrated yet > > we dont do heavy custom patchsets anymore of the linux kernel > why can't this be handled in the same way as it appears the l7-filter has been when you emerge that it applies the patch. why couldn't emerging ipset apply the patch?
