To make it consistent with the latest l7-filter version which was released for kernel 20+ and avoid extra downloading, the line of the ebuild: L7_PV="2.9" should be changed to: L7_PV="2.10"
Additional Info: if use l7filter && \ [ ! -f "${KERNEL_DIR}/net/ipv4/netfilter/ipt_layer7.c" ]; then die "For layer 7 support emerge net-misc/l7-filter-${L7_PV} before this" fi The above lines block iptables to be emerged if l7-filter-2.10 is used. With kernel 20+ the location of that file is obsolete.
(In reply to comment #1) > Additional Info: > > if use l7filter && \ > [ ! -f "${KERNEL_DIR}/net/ipv4/netfilter/ipt_layer7.c" ]; then > die "For layer 7 support emerge net-misc/l7-filter-${L7_PV} before this" > fi > > The above lines block iptables to be emerged if l7-filter-2.10 is used. With > kernel 20+ the location of that file is obsolete. -if l7-filter-2.10 is used +if l7-filter-2.10+ is used >
k I'll take care of it. i'll update the imq patch too
L7_PV="2.9" should be changed to: L7_PV="2.11"
fine, very nice you did not complain about me, being too keen ;) I just like moving fast :D Keep up the good work!
Created attachment 123875 [details, diff] patchsofar work in progress - upstream compile bugs http://sourceforge.net/tracker/index.php?func=detail&aid=1747807&group_id=80085&atid=558668
meanwhile first of all, thanks to Daniel! For all of you who can't wait to get l7-filter going, here is the deal: Compile iptables against 2.6.19.7 source with useflag l7filter enabled. iptables will work with l7-filter. Of course, it's a really dirty hack so use at your own risk.
i'd just as soon scrub l7-filter from the iptables ebuild ... problem solved
(In reply to comment #8) > i'd just as soon scrub l7-filter from the iptables ebuild ... problem solved > me too and soon. upstream is moving to using userspace filters.
well, userspace version is far from being stable
Okay, upstream released iptables patch: http://sourceforge.net/project/shownotes.php?group_id=80085&release_id=520909 @SpanKY: The l7-filter-team is doing a great job. At the moment, the only possibility to shape traffic on layer7 basis is l7-filter. The current userspace version is far from being stable. If, and there might be a long way to go, the userspace version is ready to go, then I agree with scrubbing l7-filter. (my2cents)
Created attachment 123955 [details] iptables-1.3.8-r1.ebuild The patch is now chosen be dependency of header files in the kernel.
(In reply to comment #12) > Created an attachment (id=123955) [edit] > iptables-1.3.8-r1.ebuild > > The patch is now chosen be dependency of header files in the kernel. > Yes. Didn't like the imq version bump in my previous patch? Oh well. Hope it works for you and tell me if it doesn't. ref "The current userspace version is far from being stable" I know upstream doesn't classify it as stable however there are no bugs listed in the upstream. If you know of some add them. this isn't the best forum for discussion so lets leave it there. I'll maintain l7-filter and associated patches to the level of my ability and interest which won't last forever. Once upstream says userspace is stable I'll drop these with extreme prejudice.
uhm, haven't seen the imq-version bump. Nice move! Thanks a lot!
This is an ebuild which will use l7-filter-2.13, l7-filter-2.13 is a bugfix and should be prefered over 2.12.x. See: http://sourceforge.net/project/shownotes.php?group_id=80085&release_id=528562
Created attachment 127271 [details] ebuild for iptables including l7-filter-2.13
reopen
(In reply to comment #17) > reopen Errr; can we please stop recycling this bug after it's been resolved?
reclose. BTW patches are good for ebuild changes.
@Jakub @Daniel okay next time then :)
