Fw: newnat patch for 2.4.17 with iptable compile error

matt\(ºÓ­ë\) matt@iazone.net
Sat, 26 Jan 2002 18:47:27 +0800 

I have got netfilter from cvs and select patch-o-matic that I want to kernel 2.4.17.
Kernel is complie ok, but make iptables have some error. I complie below module
======================================================
ip_conntrack_egg.o      ip_queue.o        ipt_LOG.o         ipt_REDIRECT.o
ip_conntrack_ftp.o      iptable_filter.o  ipt_mac.o         ipt_REJECT.o
ip_conntrack_irc.o      iptable_mangle.o  ipt_mark.o        ipt_state.o
ip_conntrack.o          iptable_nat.o     ipt_MARK.o        ipt_string.o
ip_conntrack_rpc_tcp.o  ip_tables.o       ipt_MASQUERADE.o  ipt_tcpmss.o
ip_conntrack_rpc_udp.o  ipt_ah.o          ipt_MIRROR.o      ipt_TCPMSS.o
ip_conntrack_talk.o     ipt_conntrack.o   ipt_mport.o       ipt_time.o
ip_conntrack_tftp.o     ipt_esp.o         ipt_multiport.o   ipt_tos.o
ip_nat_ftp.o            ipt_FTOS.o        ipt_NETMAP.o      ipt_TOS.o
ip_nat_irc.o            ipt_helper.o      ipt_owner.o       ipt_ttl.o
ip_nat_snmp_basic.o     ipt_iplimit.o     ipt_psd.o         ipt_TTL.o
ip_nat_talk.o           ipt_length.o      ipt_realm.o       ipt_unclean.o
ip_nat_tftp.o           ipt_limit.o       ipt_record_rpc.o
======================================================

[root@cisco123 iptables]#make KERNEL_DIR=/root/linux patch-o-matic
....
select patch-o-matic
....
[root@cisco123 iptables]#make KERNEL_DIR=/root/linux
.....
In file included from extensions/libipt_conntrack.c:14:
/root/linux/include/linux/netfilter_ipv4/ipt_conntrack.h:28: `IP_CT_DIR_MAX' undeclared here (not in
a function)
/root/linux/include/linux/netfilter_ipv4/ipt_conntrack.h:29: `IP_CT_DIR_MAX' undeclared here (not in
a function)
/root/linux/include/linux/netfilter_ipv4/ipt_conntrack.h:29: `IP_CT_DIR_MAX' undeclared here (not in
a function)
extensions/libipt_conntrack.c: In function `parse_status':
extensions/libipt_conntrack.c:103: `IPS_EXPECTED' undeclared (first use in this function)
extensions/libipt_conntrack.c:103: (Each undeclared identifier is reported only once
extensions/libipt_conntrack.c:103: for each function it appears in.)
extensions/libipt_conntrack.c:105: `IPS_SEEN_REPLY' undeclared (first use in this function)
extensions/libipt_conntrack.c:107: `IPS_ASSURED' undeclared (first use in this function)
extensions/libipt_conntrack.c: In function `parse':
extensions/libipt_conntrack.c:204: `IP_CT_DIR_ORIGINAL' undeclared (first use in this function)
extensions/libipt_conntrack.c:264: `IP_CT_DIR_REPLY' undeclared (first use in this function)
extensions/libipt_conntrack.c: In function `print_status':
extensions/libipt_conntrack.c:372: `IPS_EXPECTED' undeclared (first use in this function)
extensions/libipt_conntrack.c:376: `IPS_SEEN_REPLY' undeclared (first use in this function)
extensions/libipt_conntrack.c:380: `IPS_ASSURED' undeclared (first use in this function)
extensions/libipt_conntrack.c: In function `matchinfo_print':
extensions/libipt_conntrack.c:428: `IP_CT_DIR_ORIGINAL' undeclared (first use in this function)
extensions/libipt_conntrack.c:448: `IP_CT_DIR_REPLY' undeclared (first use in this function)
make: *** [extensions/libipt_conntrack_sh.o] Error 1

It seem the code not include declared file. I have search the kernel source and 
netfilter userspace code, but not thing found. What I miss? 

Because I have already use the bridge-nf(0.0.6) and CBQ, I really want to use helper module
to limit traffic of ftp or generate h323 quility. Is helper module can work in this situation or
other method can do it?

Thank.