While this post is titled “for Fedora Core 6”, it may be applicable to previous versions of Fedora Core. I tested this on Fedora Core 4 too, but some steps are different.
Note: This guide uses iptables-1.3.5-1.2.1 and kernel-2.6.19-1.2895.fc6.
First, grab ipp2p-0.8.2.tar.gz or the latest version if there’s any. Extract the tarball and make sure you have iptables and the currently installed kernel’s SRPMs installed. To proceed, I recommend rpm-build to be installed (simply use yum to install, i.e. yum install rpm-build). Next, install both SRPMs using the following command: rpm -ivh file.rpm. If you get “error: cannot create %sourcedir /usr/src/redhat/SOURCES” message, you can create the required directory: mkdir -p /usr/src/redhat. Also, rpm-building the kernel source requires redhat-rpm-config and unifdef to be installed.
Now that the “ingredients” are ready, let’s start doing the fun part..
Go to /usr/src/redhat/SPECS and do rpmbuild -bp iptables.spec, this will prepare the iptables’ source tree to match with the currently installed iptables binaries’ source. Do the same for the kernel, rpmbuild -bp kernel-2.6.spec. The newly patched source tree can be found inside /usr/src/redhat/BUILD directory.
Grab symvers-2.6.19-1.2895.fc6.gz from /boot, gunzip and rename it as Module.symvers, then move it to the kernel’s source directory (/usr/src/redhat/BUILD/kernel-2.6.19/linux-2.6.19-i386). Go into that directory, make sure that existing kernel config (.config) exists, then do: make scripts/kconfig/.
Note: If you can’t find symvers file in /boot, install kernel-devel package and you will find Module.symvers in /usr/src/kernels/
Next, return to the ipp2p source directory and do two modifications.
Add:
KERNEL_SRC=/usr/src/redhat/BUILD/kernel-2.6.19/linux-2.6.19.i386
before
KERNEL_SRC ?= $(firstword $(wildcard …
Add:
IPTABLES_SRC = /usr/src/redhat/BUILD/iptables-1.3.5
before
ifeq ($(IPTABLES_SRC),)
Save the changes and do make.
If it compiles successfully, then ipt_ipp2p.ko and libipt_ipp2p.so should be in the directory now.
Copy libipt_ipp2p.so to /lib/iptables. To verify whether this iptables module works, do iptables -m ipp2p -h.
In case you get the following: iptables v1.3.8: Couldn’t load match `ipp2p’, don’t worry. Have a look at this solution and simply recompile the modules.
There are two ways to load the ipp2p kernel module, insmod ipt_ipp2p.ko or copy ipt_ipp2p.ko to /lib/modules/2.6.19-1.2895.fc6/kernel/net/ipv4/netfilter and do depmod -a.
I got an error on the step make scripts/mod/modpost:
[root@p2pwall1 linux-2.6.19.i386]# gcc -m32 -Wall -Wundef -Wstrict-prototypes -Wno-trigraphs -fno-strict-aliasing -fno-common -Wstrict-prototypes -Wundef -Werror-implicit-function-declaration -Os -pipe -msoft-float -fno-builtin-sprintf -fno-builtin-log2 -fno-builtin-puts -mpreferred-stack-boundary=2 -march=i686 -mtune=generic -mtune=generic -mregparm=3 -ffreestanding -maccumulate-outgoing-args -DCONFIG_AS_CFI=1 -DCONFIG_AS_CFI_SIGNAL_FRAME=1 -Iinclude/asm-i386/mach-generic -Iinclude/asm-i386/mach-default -fomit-frame-pointer -fasynchronous-unwind-tables -g -fno-stack-protector -Wdeclaration-after-statement -Wno-pointer-sign -D__KERNEL__ -Iinclude -include include/linux/autoconf.h -m elf_i386 scripts/mod/modpost.c -o scripts/mod/modpost
cc1: error: unrecognized command line option “-m”
Any suggestions?
Do make scripts/kconfig/ instead of make scripts/mod/modpost.
fact : 1)Kernel: 2.6.18
2) [root@gw ipp2p-0.8.0]# lsmod
Module Size Used by
ipt_ipp2p 10752 0
iptable_mangle 7168 1
ipt_REDIRECT 6784 1
iptable_nat 12164 1
ip_nat 21548 2 ipt_REDIRECT,iptable_nat
ipt_layer7 15364 4
ip_conntrack 55392 3 iptable_nat,ip_nat,ipt_layer7
nfnetlink 11288 2 ip_nat,ip_conntrack
iptable_filter 7424 1
ip_tables 17860 3 iptable_mangle,iptable_nat,iptable_filter
i915 22016 1
drm 66580 2 i915
sch_sfq 10112 391
cls_u32 12036 1
sch_ingress 8708 1
sch_htb 20096 1
ipv6 243488 20
xt_mac 6272 51
xt_multiport 7552 14
xt_tcpudp 7424 8
xt_MARK 6784 2
x_tables 18180 9 ipt_ipp2p,ipt_REDIRECT,iptable_nat,ipt_layer7,ip_tables,xt_mac,xt_multiport,xt_tcpudp,xt_MARK
So I compiled ipp2p successfully? Then Why i am getting this error when i do
[root@gw ipp2p-0.8.0]# iptables -A FORWARD -m ipp2p –bit -j DROP
iptables v1.3.7: Couldn’t load match `ipp2p’
Try `iptables -h’ or ‘iptables –help’ for more information.
[root@gw ipp2p-0.8.0]#
Have you copied over the libipt_ipp2p.so file to /lib/iptables/?
Hello, could you help me with ipp2p on kernel 2.6.22?
I got this error:
make -C /usr/src/redhat/BUILD/kernel-2.6.22/linux-2.6.22.i386 SUBDIRS=/root/ipp2p-0.8.2 modules
make[1]: Entering directory `/usr/src/redhat/BUILD/kernel-2.6.22/linux-2.6.22.i386′
CC [M] /root/ipp2p-0.8.2/ipt_ipp2p.o
/root/ipp2p-0.8.2/ipt_ipp2p.c: In function ‘match’:
/root/ipp2p-0.8.2/ipt_ipp2p.c:751: error: ‘const struct sk_buff’ has no member named ‘nh’
/root/ipp2p-0.8.2/ipt_ipp2p.c: At top level:
/root/ipp2p-0.8.2/ipt_ipp2p.c:874: warning: initialization from incompatible pointer type
/root/ipp2p-0.8.2/ipt_ipp2p.c: In function ‘init’:
/root/ipp2p-0.8.2/ipt_ipp2p.c:883: warning: implicit declaration of function ‘ipt_register_match’
/root/ipp2p-0.8.2/ipt_ipp2p.c: In function ‘fini’:
/root/ipp2p-0.8.2/ipt_ipp2p.c:888: warning: implicit declaration of function ‘ipt_unregister_match’
make[2]: *** [/root/ipp2p-0.8.2/ipt_ipp2p.o] Error 1
make[1]: *** [_module_/root/ipp2p-0.8.2] Error 2
make[1]: Leaving directory `/usr/src/redhat/BUILD/kernel-2.6.22/linux-2.6.22.i386′
make: *** [ipt_ipp2p.ko] Error 2
Thank you
Have a look at this:
http://www.ashberg.de/hacks/ipp2p-0.8.2-kernel-2.6.21-patch.php
Hello, here is good patch for kernel 2.6.22 http://kambing.ui.edu/gentoo-portage/net-firewall/ipp2p/files/ipp2p-0.8.2-kernel-2.6.22.patch
and modification of Makefile:
suply: ld -shared -o libipt_ipp2p.so libipt_ipp2p.o
by: $(CC) -shared -o libipt_ipp2p.so libipt_ipp2p.o
now compilation is OK
iptables -m ipp2p -h is OK
but
insmod ipt_ipp2p.ko
insmod: error inserting ‘ipt_ipp2p.ko’: -1 Invalid module format
Do you have any idea?
Thank you again.
Hmm, have you checked dmesg for more descriptive error messages?
Kubas,
Your patch works fine for me (FC6, kernel-2.6.22.5-49)
mk
For the “Invalid module format”: take care what kernel sources are you using i586 or i686. Try with i586 🙂
If you get invalid module format, probably you are using a different kernel version’s source tree to build the modules. Remember to always check dmesg for more informative error messages.
The patch works fine for me!! Ubuntu 7.10, kernel 2.6.22-14-generic.
Excellent step by step information.
I was struggling to install it before I get this document. I followed the instruction in the same order and installed successfully.
Humberto Caetano Says:
November 29, 2007 at 18:50
The patch works fine for me!! Ubuntu 7.10, kernel 2.6.22-14-generic.
Hello
I am strugling hard with this on a Ubuntu 7.10, kernel 2.6.22-14-generic with iptables 1.4.0 and IPP2P-0.8.2
Can You tell me what are the other versions in your system
Iptables version and ipp2p-version etc…
and what patches did you apply to get it to work (Only that patch Kubas posted on this page and modified Makefile or…)
and basicly how did you install IPP2P succesfully. I am having huge problems installing it make just doesnt compile and gives me errors
Hello,
I build ipp2p on kernel 2.6.24.3-50.fc8.
After compilation without any error the “insmod ipt_ipp2p.ko” gives error: “insmod: error inserting ‘ipt_ipp2p.ko’: -1 Invalid module format”
I check dmesg and find this: “ipt_ipp2p: version magic ‘2.6.24.3 SMP mod_unload 686 4KSTACKS ‘ should be ‘2.6.24.3-50.fc8 SMP mod_unload 686 4KSTACKS ‘”
I replace in kernel souces /usr/src/redhat/BUILD/kernel-2.6.24/linux-2.6.24.i386/Makefile EXTRAVERSION = .3 to EXTRAVERSION = .3-50.fc8
and remake “make scripts/kconfig/”
and rebuild the ipp2p.
Now insmod ipt_ipp2p.ko works fine 🙂
I think that this solved the problem with invalid module format for Fedora distributions.
Fantastic post!!! Cheers!
hi there
im using centos 5.2 kernel-2.6.18-92.el5
when i make ipp2p all goes well execpt when i try to add any sort of iptables
chain using the ipp2p module, i get iptables: Unknown error 4294967295
this is fixed by running /sbin/insmod ipt_ipp2p.ko
but when i input rules the p2p traffic still goes through and ares still connects
please help i really want to make this work
Thanks in advance
Wetdog