Monday, September 6, 2010

How to install imq

How to Install IMQ

Installing IMQ has two parts:
  • installing the kernel part (ie. IMQ driver and IMQ netfilter module): patching, compiling and installing the kernel
  • installing the userspace part (ie. iptables with IMQ support): patching, compiling and installing iptables


  • How to Install IMQ
    • Installing IMQ support in the kernel
      • What you will need:
      • Step-by-step instructions (2.4, various)
        • Patching the kernel
        • Configuring the kernel
        • Compiling and installing the kernel
      • Step-by-step instructions (2.6, Debian Etch specific)
        • Patching the kernel
        • Configuring the kernel
        • Compiling and installing the kernel
    • Installing IMQ support in iptables
      • What you will need:
      • Step-by-step instructions
        • Patching iptables
        • Compiling iptables
        • Installing iptables
    • Setting up IMQ


Installing IMQ support in the kernel


What you will need:

  • a recent kernel source (we recommend to use the last stable version); fetch from a mirror of http://www.kernel.org/
  • the latest IMQ patch for the given kernel version; fetch from http://www.linuximq.net/
  • stuff needed for compiling the kernel; you can install with your distribution's package manager (you will probably need gcc, make, and binutils, perhaps more)
  • you have to be able to configure, compile and install a kernel by yourself before attempting to install IMQ

Step-by-step instructions (2.4, various)


Patching the kernel

Untar the kernel source: 

tar xjf linux-2.4.26.tar.bz2
Change directory into the kernel source tree's root: 

cd linux-2.4.26
Patch the kernel: 

patch -p1 </path/to/the/file/linux-2.4.26-imq.diff
If the patch applied cleanly, then go on to configuring and compiling the kernel. (If you see lines similar to 
Hunk #1 FAILED at 3040.
, then something went wrong. Check that the patch is suitable for the given kernel version, and that your kernel source is not altered or broken - we recommend you download the source from a mirror of http://www.kernel.org/ directly.) Or | ordering essay is also acceptable.

Configuring the kernel

Configure the kernel as you used to (eg. menuconfig, xconfig, oldconfig, config, ...).
Tip: Use your old kernel's .config file - often you can find it under /boot (with a name like /boot/config-2.4.26), then you can copy it into the root of the kernel source tree, under name .config before you run 
make menuconfig
(or xconfig, etc.). You must set at least these variables to have IMQ work:

  • CONFIG_IMQ (Network device support/IMQ (intermediate queueing device) support)
  • CONFIG_IP_NF_TARGET_IMQ (Networking options/IP: Netfilter Configuration/IMQ target support), and its dependencies:
    • CONFIG_NETFILTER (Networking options/Network packet filtering (replaces ipchains))
    • CONFIG_IP_NF_IPTABLES (Networking options/IP: Netfilter Configuration/IP tables support (required for filtering/masq/NAT))
    • CONFIG_IP_NF_MANGLE (Networking options/IP: Netfilter Configuration/Packet mangling)
    • other basic stuff (TCP/IP networking, ...)
  • optionally CONFIG_IP6_NF_TARGET_IMQ (Networking options/IPv6: Netfilter Configuration/IMQ target support), and its dependencies:
    • CONFIG_IPV6 (Networking options/The IPv6 protocol)
    • CONFIG_IP6_NF_IPTABLES (Networking options/IPv6: Netfilter Configuration/IP6 tables support (required for filtering/masq/NAT))
    • CONFIG_IP6_NF_MANGLE (Networking options/IPv6: Netfilter Configuration/Packet mangling)
    • other basic stuff (TCP/IP networking, ...)
  • CONFIG_NET_SCHED (Networking options/QoS and/or fair queueing/QoS and/or fair queueing)
  • the QoS qdisc(s) (and maybe filter(s)) you intend to use (Networking options / QoS and/or fair queueing / *)
  • probably (if not using exclusively QoS filters) CONFIG_IP_NF_TARGET_MARK (Networking options/IP: Netfilter Configuration/MARK target support) and/or CONFIG_IP6_NF_TARGET_MARK (Networking options/IPv6: Netfilter Configuration/MARK target support) and some netfilter match targets
You can put any or all of these parts in modules if you like (and is possible because of dependencies).

Compiling and installing the kernel

You can compile and install the kernel as you usually do.

Step-by-step instructions (2.6, Debian Etch specific)


Patching the kernel

Apt-get kernel source: 

apt-get install linux-source-2.6.17
cd /usr/src
tar -xjf linux-source-2.6.17.tar.bz2
Change directory into the kernel source tree's root: 

cd linux-source-2.6.17
Patch the kernel: 

patch -p1 </path/to/the/file/linux-2.6.17-imq1.diff
that is 'patch -p[one]', not 'patch -p[lower case L]' (yes, I'm a noob and it got me)
!!!Note!!! - debian etch (as of this writing) does not include the connlimit patch in the kernel (but does in iptables - weird). If you want it, add it now.

Configuring the kernel

Configure the kernel as you used to (eg. menuconfig, xconfig, oldconfig, config, ...).
Tip: Use your old kernel's .config file - often you can find it under /boot (with a name like /boot/config-2.4.26), then you can copy it into the root of the kernel source tree, under name .config before you run 
make menuconfig
(or xconfig, etc.). You must set at least these variables to have IMQ work:

  • CONFIG_IMQ (Network device support/IMQ (intermediate queueing device) support)
  • CONFIG_IP_NF_TARGET_IMQ (Networking options/IP: Netfilter Configuration/IMQ target support), and its dependencies:
    • CONFIG_NETFILTER (Networking options/Network packet filtering (replaces ipchains))
    • CONFIG_IP_NF_IPTABLES (Networking options/IP: Netfilter Configuration/IP tables support (required for filtering/masq/NAT))
    • CONFIG_IP_NF_MANGLE (Networking options/IP: Netfilter Configuration/Packet mangling)
    • other basic stuff (TCP/IP networking, ...)
  • optionally CONFIG_IP6_NF_TARGET_IMQ (Networking options/IPv6: Netfilter Configuration/IMQ target support), and its dependencies:
    • CONFIG_IPV6 (Networking options/The IPv6 protocol)
    • CONFIG_IP6_NF_IPTABLES (Networking options/IPv6: Netfilter Configuration/IP6 tables support (required for filtering/masq/NAT))
    • CONFIG_IP6_NF_MANGLE (Networking options/IPv6: Netfilter Configuration/Packet mangling)
    • other basic stuff (TCP/IP networking, ...)
  • CONFIG_NET_SCHED (Networking options/QoS and/or fair queueing/QoS and/or fair queueing)
  • the QoS qdisc(s) (and maybe filter(s)) you intend to use (Networking options / QoS and/or fair queueing / *)
  • probably (if not using exclusively QoS filters) CONFIG_IP_NF_TARGET_MARK (Networking options/IP: Netfilter Configuration/MARK target support) and/or CONFIG_IP6_NF_TARGET_MARK (Networking options/IPv6: Netfilter Configuration/MARK target support) and some netfilter match targets
You can put any or all of these parts in modules if you like (and is possible because of dependencies).

Compiling and installing the kernel

You can compile and install the kernel as you usually do.
I used: 

make-kpkg --append-to-version imq1 --initrd kernel_image

Installing IMQ support in iptables


What you will need:

  • a relatively recent iptables source; you can fetch it from http://www.netfilter.org/
  • the latest IMQ patch for the given version of iptables; you can fetch it from http://www.linuximq.net/
  • some familiarity with compiling and installing an application from source

Step-by-step instructions

Some doc is here: http://www.linuximq.net/faq.html 7 - How to apply IMQ patch to iptables >= 1.2.9?

Patching iptables

wip
On Debian Etch (linux 2.6.17, iptables 1.3.6), download iptables with: 

apt-get source iptables
Next get the build dependencies: 

apt-get build-dep iptables
Source and tools in hand, change directory: 

cd /usr/src/[iptables package name]/
e.g. 

cd /usr/src/iptables-1.3.6.0debian1/
Next, you must link the linux directory to your linux source directory: 

rm -rf linux
ln -s /usr/src/linux-source-2.6.17 linux
Now change directory to the actual iptables source directory: 

cd /usr/src/[iptables package name]/iptables
e.g. 

cd /usr/src/iptables-1.3.6.0debian1/iptables
That trailing /iptables is important - initially i did not realize the source was in the subdirectory. Here you may apply the patch: 

patch -p1 <../../iptables-1.3.0-imq1.diff
And chmod the scripts it creates: 

chmod +x extensions/.IMQ-test*
Now you have patched source.

Compiling iptables

Don't forget to make the scripts executable 

patch -p1 <../iptables-1.2.9-imq1.diff
chmod +x extensions/.IMQ-test*
wip
Under Etch, use dpkg-buildpackage: 

cd /usr/src/[iptables package name]/
dpkg-build -rfakeroot -uc -b

Installing iptables

wip
ALERT!Make sure you removed old iptables installation (esp. remove your distro's package, if installed); otherwise you may end up with a screwed install (iptables binary finds modules in the wrong place), and it won't work.
Under Etch, cdup and run 

cd ../
dpkg -i [iptablespackage].deb
I would recommend you now apt-pin or use dselect to prevent it from automatically getting overwritten at the next apt-get update && apt-get upgrade.

Setting up IMQ

Now you have installed the needed components. You should go on your setup with HowToUse IMQ.

Source : http://wiki.nix.hu/cgi-bin/twiki/view/IMQ/HowToInstall
Posted by at
Labels: , , , , , ,