libipt_recent is not there

Bug #23018 reported by Miek Gieben
16
Affects            Status        Importance  Assigned to      Milestone
iptables (Ubuntu)  Fix Released  Medium      Tollef Fog Heen
Breezy             Invalid       Medium      Unassigned

Bug Description

I was fiddling with my fw setup, and I discovered that
/lib/iptables/libipt_recent.so
isn't installed. So one cannot use the recent module
in their iptable rules.

Miek Gieben (miek) wrote :

This is in breezy:
% dpkg -s iptables
Package: iptables
Status: install ok installed
Priority: important
Section: net
Installed-Size: 968
Maintainer: Laurence J. Lane <email address hidden>
Architecture: i386
Version: 1.3.1-2ubuntu1

Matt Zimmerman (mdz) wrote :

This module isn't part of iptables; it's a third-party add-on.

Miek Gieben (miek) wrote :

Confusion comes from the fact that Debian Sarge does ship libipt_recent.so...

Package: iptables
Status: install ok installed
Priority: important
Section: net
Installed-Size: 1240
Maintainer: Laurence J. Lane <email address hidden>
Architecture: i386
Version: 1.2.11-10

root@sol# ls -l /lib/iptables/libipt_recent.so
-rw-r--r-- 1 root root 6.3K 2004-12-02 01:38 /lib/iptables/libipt_recent.so

Will it be added or should I install Debian Sarge's iptables package?

Matt Zimmerman (mdz) wrote :

(In reply to comment #3)
> Confusion comes from the fact that Debian Sarge does ship libipt_recent.so...
>
> Package: iptables
> Status: install ok installed
> Priority: important
> Section: net
> Installed-Size: 1240
> Maintainer: Laurence J. Lane <email address hidden>
> Architecture: i386
> Version: 1.2.11-10
>
> root@sol# ls -l /lib/iptables/libipt_recent.so
> -rw-r--r-- 1 root root 6.3K 2004-12-02 01:38 /lib/iptables/libipt_recent.so
>
> Will it be added or should I install Debian Sarge's iptables package?

No, I don't expect that it will. It's gone in Debian unstable as well. I
suspect that it's been superseded by a similar mechanism with a different name.

Matt Zimmerman (mdz) wrote :

*** Bug 24207 has been marked as a duplicate of this bug. ***

Long-dave (long-dave) wrote :

>> root@sol# ls -l /lib/iptables/libipt_recent.so
>> -rw-r--r-- 1 root root 6.3K 2004-12-02 01:38 /lib/iptables/libipt_recent.so
>>
>> Will it be added or should I install Debian Sarge's iptables package?

> No, I don't expect that it will. It's gone in Debian unstable as well. I
> suspect that it's been superseded by a similar mechanism with a different name.

WRONG! /lib/iptables/libipt_recent.so is not superseded by some unnamed
mechanism and _IS_ in Debian unstable.
dpkg -s iptables (from debian unstable)
Package: iptables
Status: install ok installed
Priority: important
Section: net
Installed-Size: 1236
Maintainer: Laurence J. Lane <email address hidden>
Architecture: i386
Version: 1.3.3-2

ls -l /lib/iptables/libipt_recent.so
-rw-r--r-- 1 root root 6348 2005-08-06 16:05 /lib/iptables/libipt_recent.so

This is a bug in the Ubuntu package. This bug existed in unstable for quite
some time, but was resolved. Ubuntu package maintainer should resolve as well.

Matt Zimmerman (mdz) wrote :

(In reply to comment #6)
> WRONG! /lib/iptables/libipt_recent.so is not superseded by some unnamed
> mechanism and _IS_ in Debian unstable.

!!!!!!!

> This bug existed in unstable for quite some time, but was resolved.

If you have additional information about the problem, that would be helpful.
There's nothing about it in the Debian changelog.

If it truly was a bug which was fixed in unstable, it will be incorporated into
Ubuntu as part of the routine merge process.

Jeff Moore (mail-jeffmoore) wrote :

What kind of timeline are we talking? Is it going to be a year or a month? Any
ideas? We institute portknocking institution-wide and won't bother using Ubuntu
until this module is available. Thanks!

Daniel Hahler (blueyed) wrote :

It seems you have to add "recent" to PF_EXT_SLIB in extensions/Makefile in the upstream source.

This generates the needed libipt_recent.so file.

Don't know though, why it's in Debian, but not Ubuntu.

I've now installed iptables from upstream into /usr/local, until it gets into Ubuntu's package.

The needed kernel module is available from the linux-image package
btw: /lib/modules/2.6.12-9-686/kernel/net/ipv4/netfilter/ipt_recent.ko
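
As an added example (not part of the original report or of the iptables package), the shell function below checks for the two separate pieces this thread identifies, the userspace extension and the kernel module, using the paths quoted above; the `root` and `kver` parameters and the result strings are assumptions made for illustration. As a later comment in this report shows, the file being present does not by itself prove that iptables can load the extension.

```shell
#!/bin/sh
# Added example: report which half of the "recent" match is present.
# Paths are the ones quoted in this bug report; root and kver are
# hypothetical parameters so an unpacked package tree can be inspected too.

check_recent() {
    root=${1:-}              # filesystem root to inspect ("" = live system)
    kver=${2:-$(uname -r)}   # kernel version directory under /lib/modules
    lib="$root/lib/iptables/libipt_recent.so"
    mod="$root/lib/modules/$kver/kernel/net/ipv4/netfilter/ipt_recent.ko"

    have_lib=no
    have_mod=no
    # -s: the shared object must exist and be non-empty
    if [ -s "$lib" ]; then have_lib=yes; fi
    if [ -f "$mod" ]; then have_mod=yes; fi

    case "$have_lib/$have_mod" in
        yes/yes) echo "ok" ;;
        no/yes)  echo "userspace-missing" ;;  # the situation reported here
        yes/no)  echo "kernel-missing" ;;
        *)       echo "both-missing" ;;
    esac
}

# Stand-alone use: check_recent [root] [kernel-version]
check_recent "$@"
```

A result of `userspace-missing` means rules using `-m recent` cannot be parsed by this iptables build even though the kernel could enforce them.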

Rocco Stanzione (trappist) wrote :

Due to extreme kernel brokenness it's hard to tell for sure, but it looks like
this is the problem:
Some time between 2.6.12 and 2.6.15 the RECENT match moved from patch-o-matic
into the mainline kernel. We've moved to the new kernel, so we have the
kernel-space code, but iptables is still being compiled against a 2.6.12 kernel,
wherein there is no support for the RECENT match. I expect that updating the
iptables package to be built against the new kernel will fix this and other
issues. There was a great deal of activity in the netfilter code going into 2.6.14.

Rocco Stanzione (trappist) wrote :

libipt_recent.so exists in the newer package, but appears invalid.
#iptables -A INPUT -s 1.2.3.4 -m recent -name test --set
iptables v1.3.3: Unknown arg 'recent'
An strace shows it opening the correct lib. In my experience iptables really
likes to be built against the source of the running kernel, and with the amount
of change since 2.6.12 we should probably either resync the headers used in the
package or build against the actual source. I'd also like to add that a lot of
the new work in the netfilter code is pretty exciting and includes new userspace
interfaces for things that couldn't be directly manipulated before, like the
conntrack table, and would be awfully nice to have in dapper.

Rocco Stanzione (trappist) wrote :

OK this has been fixed in dapper but the bug has not been updated.

Rocco Stanzione (trappist) wrote :

This has been fixed for at least a couple of months in dapper

Changed in iptables:
status: Unconfirmed → Fix Released
Rocco Stanzione (trappist) wrote :

This fix is not going to be backported to Breezy.

Changed in iptables:
status: Unconfirmed → Rejected