afonso/core-extra
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
core-extra/wiki/CustomKernels.wiki
ahrenholz@gmail.com 650973d3be update status of IPsec
2012-07-19 19:16:01 +00:00

57 lines
No EOL
3.2 KiB
Text
Raw Blame History

#summary All about installing custom kernels.
= Linux Network Namespaces =
== Network Namespace Supported Features ==
Even with the latest Linux kernels, not all networking features may be ready for use with network namespaces. Generally, the newer the kernel, the better the support for netns. Here are notes organized by feature.
* IPsec - 3.2.0 works OK<br>for older kernels, patch available, see below.
* netfilter queuing - patch available, see below.
* interface index - patch available, see below.
* Linux bridging - works on Linux 3.0.0, but not on some earlier kernels<br>e.g.: 2.6.32-220.4.1.el6.x86_64 kernel panics with bridging<br>for 3.0.0, note that *brctl show* only shows bridges on the host, not within a netns<br>for 3.2.0-26-generic, brctl works fine on Ubuntu 12.04
* multicast routing - TBD
* QoS with tc queuing - TBD
* GRE tunneling - TBD
== CORE kernel patches ==
Some kernel patches are available from the CORE team, check a source tarball under the `kernels/` directory.
For example, CORE 4.3 includes a 2.6.38 kernel patch that addresses the following:
* virtualize the netfilter queue mechanism (allows iptables NFQUEUE targets)
* disable the flow cache (allows using IPsec between namespaces)
* virtualize network interface index numbers
See the `README.txt` file that comes with the kernel patches. A `Makefile` may be included for easily building a deb kernel package.
== Running a custom kernel PPA on Ubuntu ==
PPA = Personal Package Archive, an unsupported/bleeding-edge repository of deb packages.
The example here is installing the 2.6.35-rc4 kernel on Ubuntu 10.04. Normally 10.04 (Lucid) gives you a 2.6.32 kernel, but the 2.6.35 kernel features improved namespace support for netlink and iptables (thanks to patches submitted by Tom Goff.) This will allow us to run SMF for example, using netlink queueing to capture packets, and allows using the `tc` command for applying QoS rules.
# add the [https://launchpad.net/~kernel-ppa/+archive/ppa PPA for Ubuntu Kernel] to your system. Follow the link for more instructions.
{{{
sudo add-apt-repository ppa:kernel-ppa/ppa
}}}
If you are behind a firewall/proxy, the above command will likely fail to import the key from the keyserver. Solution can be found here [http://www.linuxquestions.org/questions/linux-software-2/adding-ppa-key-to-apt-748592/]
# install the new kernel
{{{
# on 2010-07-07 this installed linux-image-2.6.35-7-generic
sudo apt-get install linux-image-generic-lts-backport-maverick
}}}
# reboot to enable the new kernel; with the new GRUB 2, you need to hold down SHIFT if you want to interrupt startup and select a kernel.
== Building a custom Ubuntu kernel ==
Follow the directions here:
* https://wiki.ubuntu.com/KernelTeam/GitKernelBuild
* when running `make oldconfig` watch out for "CONFIG_X86_MRST=y" on 2.6.35 and set it to "n", or keyboard/mouse may be disabled ([http://ubuntuforums.org/showthread.php?p=9562261 thread])
= FreeBSD =
A small patch is required to the standard FreeBSD 8.x kernel for running CORE. That patch is included in the CORE source under the `kernel/` directory. See the FreeBSD installation instructions for recompiling the kernel.
This patch applies cleanly to the FreeBSD 9.0-RELEASE generic kernel.
Reference in a new issue View git blame Copy permalink