getting iptables into embedded kernel

getting iptables into embedded kernel

[Wacker, Klaus]

How to get iptables into a ppc kernel (2.6, netfilter enabled) and where
to store what to have functionality from the start?
I used NO_SHARED_LIBS=1 
I am able to download start the kernel, but do not find iptables. 

Sorry for this newbie question, but I have to start somewhere.
Thanks a lot
Klaus
Baker Hughes INTEQ GmbH
Baker-Hughes-Strasse 1, D - 29221 Celle
Tel.: +49 5141 203 0, Fax: +49 5141 203 296
Sitz der Gesellschaft: Celle, Amtsgericht Lueneburg HRB 100845
Geschaeftsfuehrer: Hermann Rathkamp, Ruediger Lichte, Friedhelm Makohl, Dr. Hans-Werner Hesse

Diese Nachricht ist ausschliesslich fuer die Person oder Organisation bestimmt, an die sie adressiert ist.  
Sie kann herstellerspezifische, nur fuer bestimmte Personen bestimmte,  vertrauliche oder andere Informationen enthalten, 
die kraft Gesetzes nicht offen gelegt werden muessen.  Wenn Sie nicht der in der Adresse genannte Empfaenger sind oder 
versehentlich in der Adresszeile angesprochen werden, sind Sie nicht berechtigt, diese Nachricht oder Teile davon zu lesen, 
zu drucken, aufzubewahren, zu kopieren oder zu verbreiten.  Sollten Sie diese Nachricht irrtuemlich erhalten haben, 
benachrichtigen Sie bitte den Absender umgehend per Email und vernichten Sie saemtliche Kopien der Nachricht. 
  
This message is intended exclusively for the individual or entity to which it is addressed. This communication may contain 
information that is proprietary, privileged or confidential or otherwise legally exempt from disclosure. 
If you are not the named addressee, or have been inadvertently and erroneously referenced in the address line 
you are not authorized to read, print, retain, copy or disseminate this message or any part of it. 
If you have received this message in error, please notify the sender immediately by e-mail and delete all copies of the message. 

DISC-GER-A

RE: getting iptables into embedded kernel

[Rob Sterenborg]

> How to get iptables into a ppc kernel (2.6, netfilter
> enabled) and where to store what to have functionality from the
> start?
> I used NO_SHARED_LIBS=1
> I am able to download start the kernel, but do not find iptables.

AFAIK you cannot.
Iptables is a *user*space utility to configure the Netfilter framework
and I don't see how you'd compile that into the kernel.


Rob

getting iptables into embedded kernel

[Wacker, Klaus]

> How to get iptables into a ppc kernel (2.6, netfilter
> enabled) and where to store what to have functionality from the
> start?
> I used NO_SHARED_LIBS=1
> I am able to download start the kernel, but do not find iptables.

AFAIK you cannot.
Iptables is a *user*space utility to configure the Netfilter framework
and I don't see how you'd compile that into the kernel.


Rob


Ok, I am a little confused with kernel modules. Anyhow I would like to
do something like this here (from the install): 
"
4) If you want to build a statically linked version of the iptables
binary,
   without the need for loading the plugins at runtime (e.g. for an
embedded
   device or router-on-a-disk), please use

	% make NO_SHARED_LIBS=1
"

and I get a rather large executable binary (700kB). But I can't execute
this nor do I know how to make it run inside my target.
Klaus


Baker Hughes INTEQ GmbH
Baker-Hughes-Strasse 1, D - 29221 Celle
Tel.: +49 5141 203 0, Fax: +49 5141 203 296
Sitz der Gesellschaft: Celle, Amtsgericht Lueneburg HRB 100845
Geschaeftsfuehrer: Hermann Rathkamp, Ruediger Lichte, Friedhelm Makohl, Dr. Hans-Werner Hesse

Diese Nachricht ist ausschliesslich fuer die Person oder Organisation bestimmt, an die sie adressiert ist.  
Sie kann herstellerspezifische, nur fuer bestimmte Personen bestimmte,  vertrauliche oder andere Informationen enthalten, 
die kraft Gesetzes nicht offen gelegt werden muessen.  Wenn Sie nicht der in der Adresse genannte Empfaenger sind oder 
versehentlich in der Adresszeile angesprochen werden, sind Sie nicht berechtigt, diese Nachricht oder Teile davon zu lesen, 
zu drucken, aufzubewahren, zu kopieren oder zu verbreiten.  Sollten Sie diese Nachricht irrtuemlich erhalten haben, 
benachrichtigen Sie bitte den Absender umgehend per Email und vernichten Sie saemtliche Kopien der Nachricht. 
  
This message is intended exclusively for the individual or entity to which it is addressed. This communication may contain 
information that is proprietary, privileged or confidential or otherwise legally exempt from disclosure. 
If you are not the named addressee, or have been inadvertently and erroneously referenced in the address line 
you are not authorized to read, print, retain, copy or disseminate this message or any part of it. 
If you have received this message in error, please notify the sender immediately by e-mail and delete all copies of the message. 

DISC-GER-A

RE: getting iptables into embedded kernel

[Rob Sterenborg]

>> How to get iptables into a ppc kernel (2.6, netfilter
>> enabled) and where to store what to have functionality from the
>> start? I used NO_SHARED_LIBS=1
>> I am able to download start the kernel, but do not find iptables.
> 
> AFAIK you cannot.
> Iptables is a *user*space utility to configure the Netfilter framework
> and I don't see how you'd compile that into the kernel.
> 
> 
> Rob
> 
> 
> Ok, I am a little confused with kernel modules. Anyhow I would like to
> do something like this here (from the install):
> "
> 4) If you want to build a statically linked version of the iptables
>    binary, without the need for loading the plugins at runtime (e.g.
>    for an embedded device or router-on-a-disk), please use
> 
> 	% make NO_SHARED_LIBS=1
> "
> 
> and I get a rather large executable binary (700kB). But I
> can't execute this nor do I know how to make it run inside my target.
> Klaus

This is something different from compiling things "into" the kernel.
You've just built a statically linked iptables binary: those binaries
don't need external libraries, which is why they are larger because the
functionality in the libraries must be present in the binary to actually
make it standalone.

So, you still get a binary called iptables which must be run from some
shell (I guess).


Rob

getting iptables into embedded kernel

[Klaus Wacker]

>> How to get iptables into a ppc kernel (2.6, netfilter
>> enabled) and where to store what to have functionality from the
>> start? I used NO_SHARED_LIBS=1
>> I am able to download start the kernel, but do not find iptables.
> 
> AFAIK you cannot.
> Iptables is a *user*space utility to configure the Netfilter framework
> and I don't see how you'd compile that into the kernel.
> 
> 
> Rob
> 
> 
> Ok, I am a little confused with kernel modules. Anyhow I would like to
> do something like this here (from the install):
> "
> 4) If you want to build a statically linked version of the iptables
>    binary, without the need for loading the plugins at runtime (e.g.
>    for an embedded device or router-on-a-disk), please use
> 
> 	% make NO_SHARED_LIBS=1
> "
> 
> and I get a rather large executable binary (700kB). But I
> can't execute this nor do I know how to make it run inside my target.
> Klaus

>This is something different from compiling things "into" the kernel.
>You've just built a statically linked iptables binary: those binaries
>don't need external libraries, which is why they are larger because the
>functionality in the libraries must be present in the binary to actually
>make it standalone.

>So, you still get a binary called iptables which must be run from some
>shell (I guess).


>Rob

Yes, did that and then I try to run it but it only says "cannot execute binary file"
even I can execute other files.
Klaus



_______________________________________________________________________
Jetzt neu! Schützen Sie Ihren PC mit McAfee und WEB.DE. 3 Monate
kostenlos testen. http://www.pc-sicherheit.web.de/startseite/?mc=022220

Re: getting iptables into embedded kernel

[Frank Petran]

On Tuesday 31 July 2007 11:24, Klaus Wacker wrote:
> Yes, did that and then I try to run it but it only says "cannot execute
> binary file"
What machine were you using to compile the iptables binary?

You mentioned, your target machine is a PPC, if you compile iptables on an x86 
machine without cross compiling option for PPC, you will end up with an Intel 
binary that will not run on Power-PC architecture.

Frank
-- 
INPHO GmbH   *   Smaragdweg 1   *   70174 Stuttgart   *   Germany
phone: +49 711 2288 10  *  fax: +49 711 2288 111  *  web: www.inpho.de
place of business: Stuttgart    *   managing director: Johannes Saile
commercial register: Stuttgart, HRB 9586
Visit us at Trimble Dimensions 2007

getting iptables into embedded kernel

[Klaus Wacker]

On Tuesday 31 July 2007 11:24, Klaus Wacker wrote:
> Yes, did that and then I try to run it but it only says "cannot execute
> binary file"
>What machine were you using to compile the iptables binary?

>You mentioned, your target machine is a PPC, if you compile iptables on an x86 
>machine without cross compiling option for PPC, you will end up with an Intel 
>binary that will not run on Power-PC architecture.

>Frank
I compile on a PC linux box, my target is a PPC 85xx. I use a denx distro.
First I thought this goes into the kernel and the KERNEL_DIR takes care of that. 
I did have set my CROSS_COMPILE to my target and did set the PATH as well. I've just tried again with ARCH=ppc and CROSS_COMPILE=ppc_85xx-  
;this doesn't work either.
Klaus
_____________________________________________________________________
Der WEB.DE SmartSurfer hilft bis zu 70% Ihrer Onlinekosten zu sparen!
http://smartsurfer.web.de/?mc=100071&distributionid=000000000066

getting iptables into embedded kernel

[Klaus Wacker]

On Tuesday 31 July 2007 11:24, Klaus Wacker wrote:
> Yes, did that and then I try to run it but it only says "cannot execute
> binary file"
>What machine were you using to compile the iptables binary?

>You mentioned, your target machine is a PPC, if you compile iptables on an x86 
>machine without cross compiling option for PPC, you will end up with an Intel 
>binary that will not run on Power-PC architecture.

>Frank
>I compile on a PC linux box, my target is a PPC 85xx. I use a denx distro.
>First I thought this goes into the kernel and the KERNEL_DIR takes care of that. 
>I did have set my CROSS_COMPILE to my target and did set the PATH as well. I've just tried again with ARCH=ppc and CROSS_COMPILE=ppc_85xx-  
>;this doesn't work either.
>Klaus

My tool chain does not work. I used "readelf" and it does tell me the file is been compiled for a 80386 
So I will dig more into that direction. Cheers
Klaus
_____________________________________________________________________
Der WEB.DE SmartSurfer hilft bis zu 70% Ihrer Onlinekosten zu sparen!
http://smartsurfer.web.de/?mc=100071&distributionid=000000000066