Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
[SOLVED] l7-filter on amd64 ???
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Gentoo on AMD64
View previous topic :: View next topic  
Author Message
tnt
Veteran
Veteran


Joined: 27 Feb 2004
Posts: 1227

PostPosted: Sun Apr 03, 2005 5:04 pm    Post subject: [SOLVED] l7-filter on amd64 ??? Reply with quote

Have anyone tried or successfully used l7-filter on amd64?
Code:
*  net-misc/l7-filter [ Masked ]
      Latest version available: 1.1
      Latest version installed: [ Not Installed ]
      Size of downloaded files: 69 kB
      Homepage:    http://l7-filter.sourceforge.net
      Description: Kernel modules for layer 7 iptables filtering
      License:     GPL-2

*  net-misc/l7-protocols [ Masked ]
      Latest version available: 2005.03.14
      Latest version installed: [ Not Installed ]
      Size of downloaded files: 53 kB
      Homepage:    http://l7-filter.sourceforge.net/protocols
      Description: Protocol definitions of l7-filter kernel modules
      License:     GPL-2

It seems that these packages are marked by "missing keyword":
http://packages.gentoo.org/search/?sstring=l7

And I need that filter very much for my 64-bit server... :(
_________________
gentoo user


Last edited by tnt on Mon Jul 11, 2005 3:47 pm; edited 1 time in total
Back to top
View user's profile Send private message
tnt
Veteran
Veteran


Joined: 27 Feb 2004
Posts: 1227

PostPosted: Mon Apr 18, 2005 3:54 pm    Post subject: Reply with quote

I've even filled bug report

https://bugs.gentoo.org/show_bug.cgi?id=88218

but there's no response... :(
_________________
gentoo user
Back to top
View user's profile Send private message
Maedhros
Bodhisattva
Bodhisattva


Joined: 14 Apr 2004
Posts: 5511
Location: Durham, UK

PostPosted: Mon Apr 18, 2005 5:07 pm    Post subject: Reply with quote

Have you tested it to see if it works? The reason it doesn't have a keyword at the moment is probably that no-one responsible for that package can test it on amd64, so it would probably help a lot if you could test it and report whether it works or not.
_________________
No-one's more important than the earthworm.
Back to top
View user's profile Send private message
tnt
Veteran
Veteran


Joined: 27 Feb 2004
Posts: 1227

PostPosted: Mon Apr 18, 2005 5:25 pm    Post subject: Reply with quote

OK, I'll test it... I hope I remember how to hack those /etc/portage/* files to be able to emerge it... :)
_________________
gentoo user
Back to top
View user's profile Send private message
tnt
Veteran
Veteran


Joined: 27 Feb 2004
Posts: 1227

PostPosted: Fri Apr 22, 2005 4:25 pm    Post subject: Reply with quote

I've emerged l7-fitler and l7-protocols packages. They partialy work.
I can use them on almost every protocol - only http and fasttrack doesn't work.

Problem is something like this:
Code:
titan saomege # iptables -t mangle -A POSTROUTING -o eth2 -m layer7 --l7proto fasttrack -j MARK --set-mark 0x5
Segmentation fault

titan saomege # iptables -t mangle -A POSTROUTING -o eth2 -m layer7 --l7proto http -j MARK --set-mark 0x5
*** glibc detected *** double free or corruption (!prev): 0x000000000050feb0 ***
Aborted

titan saomege #

and solution for that should be this (from l7-filter-developers mailing list):
Code:
 Ok, try replacing "int" with "size_t" at line 62:
 
 -- extensions/libipt_layer7.c.orig     2005-03-06 22:20:28.043163816 -0600
 +++ extensions/libipt_layer7.c  2005-03-06 22:14:13.616085384 -0600
 @@ -59,7 +59,7 @@ int parse_protocol_file(char * filename,
   {
          FILE * f;
          char * line = NULL;
 -       int len = 0;
 +       size_t len = 0;
 
          enum { protocol, pattern, done } datatype = protocol;


But... I don't know how to patch iptables source during an emerge - it always gets overwritten by original one.

Any links to gentoo-manual-package-compilation guide? :)
_________________
gentoo user
Back to top
View user's profile Send private message
tnt
Veteran
Veteran


Joined: 27 Feb 2004
Posts: 1227

PostPosted: Fri Apr 22, 2005 7:47 pm    Post subject: Reply with quote

Found a way with ebuild. Everything seems to work fine now.

Filled a bug report:

https://bugs.gentoo.org/show_bug.cgi?id=88218

Hope it will be read soon...

:wink:
_________________
gentoo user
Back to top
View user's profile Send private message
tnt
Veteran
Veteran


Joined: 27 Feb 2004
Posts: 1227

PostPosted: Sat Apr 30, 2005 6:59 pm    Post subject: Reply with quote

It works well. Here's the graph of my ISDN line where I shape p2p traffic:

http://www.aaen.edu.yu/~tnt/forums/titan.eth2-week.png
_________________
gentoo user
Back to top
View user's profile Send private message
tnt
Veteran
Veteran


Joined: 27 Feb 2004
Posts: 1227

PostPosted: Wed Jun 08, 2005 12:33 pm    Post subject: Reply with quote

Works great for me for over a month and a half but nobody cares about my bug report... :(

https://bugs.gentoo.org/show_bug.cgi?id=88218
_________________
gentoo user
Back to top
View user's profile Send private message
tnt
Veteran
Veteran


Joined: 27 Feb 2004
Posts: 1227

PostPosted: Mon Jul 11, 2005 3:46 pm    Post subject: Reply with quote

Great news: finaly in the portage tree !!!
_________________
gentoo user
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Gentoo on AMD64 All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum