would be nice to see it in portage
would be very nice, I agree :-)
is there any l7-filter version that works with gentoo-sources 2.6.16 ?
Nebojsa does 2.1 fail? Do others fail?
I've tried the latest one in the portage - 2.0 It compiles well (patches iptables and kernel without any error message) but I get no l7-filter option in 'make menuconfig': [ebuild R ] sys-kernel/gentoo-sources-2.6.16-r1 -build -doc -symlink (-ultra1) 0 kB [ebuild R ] net-firewall/iptables-1.3.4 +extensions -ipv6 -static 0 kB [ebuild R ] net-misc/l7-filter-2.0 0 kB It seams that everything is installed well, but there is no l7-filter in kernel configuration. I guess the problem is related with recent kernel menu restructuring: in newest kernel iptables configuration is separated in two parts - 'Core Netfilter Configuration' and 'IP: Netfilter Configuration'. Just a guess... emerge info Portage 2.0.54 (default-linux/x86/2006.0, gcc-3.4.5, glibc-2.3.5-r3, 2.6.16-gentoo-r1 i686) ================================================================= System uname: 2.6.16-gentoo-r1 i686 Intel(R) Pentium(R) III CPU family 1266MHz Gentoo Base System version 1.6.14 dev-lang/python: 2.4.2 sys-apps/sandbox: 1.2.12 sys-devel/autoconf: 2.13, 2.59-r7 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r1 sys-devel/binutils: 2.16.1 sys-devel/libtool: 1.5.22 virtual/os-headers: 2.6.11-r2 ACCEPT_KEYWORDS="x86" AUTOCLEAN="yes" CBUILD="i686-pc-linux-gnu" CFLAGS="-march=pentium3 -O2 -pipe -fomit-frame-pointer" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config /usr/share/config /var/qmail/control" CONFIG_PROTECT_MASK="/etc/eselect/compiler /etc/gconf /etc/terminfo /etc/env.d" CXXFLAGS="-march=pentium3 -O2 -pipe -fomit-frame-pointer" DISTDIR="/mnt/storage/distfiles" FEATURES="autoconfig distlocks sandbox sfperms strict" GENTOO_MIRRORS="http://ftp-stud.fht-esslingen.de/pub/Mirrors/gentoo/ http://gd.tuwien.ac.at/opsys/linux/gentoo/" LDFLAGS="-Wl,-O1 -Wl,--sort-common -Wl,--as-needed" MAKEOPTS="-j3" PKGDIR="/usr/portage/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/portage" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="x86 apache2 bzip2 cli crypt ctype dba dri eds emboss encode esd exif expat fastbuild force-cgi-redirect ftp gd gdbm gif gstreamer imagemagick isdnlog jpeg libg++ libwww logrotate memlimit mp3 mpeg mysql ncurses nptl nptlonly ogg oggvorbis pam pcre perl php png posix pppd python readline rrdtool session simplexml smp snmp soap sockets spl ssl tcpd threads tokenizer truetype truetype-fonts type1-fonts udev usb vorbis xml xml2 xsl zlib userland_GNU kernel_linux elibc_glibc" Unset: ASFLAGS, CTARGET, INSTALL_MASK, LANG, LC_ALL, LINGUAS
Nebojsa bug 118157
here's what I get: tualatin linux # cat .config|grep IP_NF_IPTABLES CONFIG_IP_NF_IPTABLES=y tualatin linux # cat .config|grep IP_NF_CT_ACCT CONFIG_IP_NF_CT_ACCT=y tualatin linux # cat .config|grep IP_NF_CONNTRACK CONFIG_IP_NF_CONNTRACK=y CONFIG_IP_NF_CONNTRACK_MARK=y # CONFIG_IP_NF_CONNTRACK_EVENTS is not set tualatin linux # cat .config|grep EXPERIMENTAL CONFIG_EXPERIMENTAL=y # DCCP Configuration (EXPERIMENTAL) # SCTP Configuration (EXPERIMENTAL) # TIPC Configuration (EXPERIMENTAL) # EDAC - error detection and reporting (RAS) (EXPERIMENTAL) tualatin linux # cat .config|grep LAYER7 tualatin linux # and there's no sign of LAYER7 :(
added version 2.1 - thanks Janosch Nebojsa - yes I can replicate the bug (with 2.1 and gentoo-sources-2.6.16-r3. I'm confused too. Can you just check and then it may be time for an upstream bug.
Same problem on both amd64 and x86 This is on amd64: manchester linux # emerge -pv gentoo-sources iptables l7-filter These are the packages that I would merge, in order: Calculating dependencies ...done! [ebuild R ] sys-kernel/gentoo-sources-2.6.16-r3 -build -doc -symlink (-ultra1) 0 kB [ebuild R ] net-firewall/iptables-1.3.4 +extensions -ipv6 -static 0 kB [ebuild R ] net-misc/l7-filter-2.1 0 kB Total size of downloads: 0 kB manchester linux # cat .config|grep IP_NF_IPTABLES CONFIG_IP_NF_IPTABLES=y manchester linux # cat .config|grep IP_NF_CT_ACCT CONFIG_IP_NF_CT_ACCT=y manchester linux # cat .config|grep IP_NF_CONNTRACK CONFIG_IP_NF_CONNTRACK=y CONFIG_IP_NF_CONNTRACK_MARK=y CONFIG_IP_NF_CONNTRACK_EVENTS=y manchester linux # cat .config|grep EXPERIMENTAL CONFIG_EXPERIMENTAL=y # DCCP Configuration (EXPERIMENTAL) # SCTP Configuration (EXPERIMENTAL) # TIPC Configuration (EXPERIMENTAL) # EDAC - error detection and reporting (RAS) (EXPERIMENTAL) manchester linux # cat .config|grep LAYER7 manchester linux # emerge info Portage 2.0.54 (default-linux/amd64/2006.0, gcc-3.4.5, glibc-2.3.5-r2, 2.6.16-gentoo-r3 x86_64) ================================================================= System uname: 2.6.16-gentoo-r3 x86_64 AMD Athlon(tm) 64 X2 Dual Core Processor 3800+ Gentoo Base System version 1.6.14 dev-lang/python: 2.4.2 sys-apps/sandbox: 1.2.12 sys-devel/autoconf: 2.13, 2.59-r7 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r1 sys-devel/binutils: 2.16.1 sys-devel/libtool: 1.5.22 virtual/os-headers: 2.6.11-r2 ACCEPT_KEYWORDS="amd64" AUTOCLEAN="yes" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-march=athlon64 -O2 -pipe -ftracer -frename-registers -fweb -maccumulate-outgoing-args" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config /usr/share/config /var/bind /var/qmail/control" CONFIG_PROTECT_MASK="/etc/eselect/compiler /etc/gconf /etc/terminfo /etc/env.d" CXXFLAGS="-march=athlon64 -O2 -pipe -ftracer -frename-registers -fweb -maccumulate-outgoing-args" DISTDIR="/mnt/storage/distfiles" FEATURES="autoconfig distlocks sandbox sfperms strict" GENTOO_MIRRORS="http://ftp-stud.fht-esslingen.de/pub/Mirrors/gentoo/ http://gd.tuwien.ac.at/opsys/linux/gentoo/ ftp://mirror.etf.bg.ac.yu/gentoo/" LDFLAGS="-Wl,-O1 -Wl,--sort-common" MAKEOPTS="-j3" PKGDIR="/usr/portage/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/portage" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="amd64 acpi apache2 avi berkdb bitmap-fonts bzip2 cli crypt dri dvd eds emboss expat extensions fortran freetype gif gpm gstreamer gtk2 httpd imlib isdnlog jpeg libwww lm_sensors logrotate lzw lzw-tiff mod mysql ncurses nptl nptlonly pam pcre pdflib perl png pppd python quicktime readline reflection rrdtool sdl session snmp spell spl ssl tcpd threads tiff truetype truetype-fonts type1-fonts udev usb xml2 xorg zlib userland_GNU kernel_linux elibc_glibc" Unset: ASFLAGS, CTARGET, INSTALL_MASK, LANG, LC_ALL, LINGUAS and this is on x86: tualatin linux # emerge -pv gentoo-sources iptables l7-filter These are the packages that I would merge, in order: Calculating dependencies ...done! [ebuild R ] sys-kernel/gentoo-sources-2.6.16-r3 -build -doc -symlink (-ultra1) 0 kB [ebuild R ] net-firewall/iptables-1.3.4 +extensions -ipv6 -static 0 kB [ebuild R ] net-misc/l7-filter-2.1 0 kB Total size of downloads: 0 kB tualatin linux # cat .config|grep IP_NF_IPTABLES CONFIG_IP_NF_IPTABLES=y tualatin linux # cat .config|grep IP_NF_CT_ACCT CONFIG_IP_NF_CT_ACCT=y tualatin linux # cat .config|grep IP_NF_CONNTRACK CONFIG_IP_NF_CONNTRACK=y CONFIG_IP_NF_CONNTRACK_MARK=y CONFIG_IP_NF_CONNTRACK_EVENTS=y tualatin linux # cat .config|grep EXPERIMENTAL CONFIG_EXPERIMENTAL=y # DCCP Configuration (EXPERIMENTAL) # SCTP Configuration (EXPERIMENTAL) # TIPC Configuration (EXPERIMENTAL) # EDAC - error detection and reporting (RAS) (EXPERIMENTAL) tualatin linux # cat .config|grep LAYER7 tualatin linux # emerge info Portage 2.0.54 (default-linux/x86/2006.0, gcc-3.4.5, glibc-2.3.5-r3, 2.6.16-gentoo-r3 i686) ================================================================= System uname: 2.6.16-gentoo-r3 i686 Intel(R) Pentium(R) III CPU family 1266MHz Gentoo Base System version 1.6.14 distcc 2.18.3 i686-pc-linux-gnu (protocols 1 and 2) (default port 3632) [disabled] dev-lang/python: 2.4.2 sys-apps/sandbox: 1.2.12 sys-devel/autoconf: 2.13, 2.59-r7 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r1 sys-devel/binutils: 2.16.1 sys-devel/libtool: 1.5.22 virtual/os-headers: 2.6.11-r2 ACCEPT_KEYWORDS="x86" AUTOCLEAN="yes" CBUILD="i686-pc-linux-gnu" CFLAGS="-march=pentium3 -O2 -pipe -fomit-frame-pointer" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config /usr/share/config /var/bind /var/qmail/control" CONFIG_PROTECT_MASK="/etc/eselect/compiler /etc/gconf /etc/terminfo /etc/env.d" CXXFLAGS="-march=pentium3 -O2 -pipe -fomit-frame-pointer" DISTDIR="/mnt/storage/distfiles" FEATURES="autoconfig distlocks sandbox sfperms strict" GENTOO_MIRRORS="http://ftp-stud.fht-esslingen.de/pub/Mirrors/gentoo/ http://gd.tuwien.ac.at/opsys/linux/gentoo/ ftp://mirror.etf.bg.ac.yu/gentoo/" LDFLAGS="-Wl,-O1 -Wl,--sort-common" MAKEOPTS="-j3" PKGDIR="/usr/portage/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/portage" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="x86 apache2 bzip2 cli crypt curl dri eds emboss encode esd exif expat gd gdbm gif gmp gstreamer imagemagick isdnlog jpeg ldap libg++ libwww logrotate mp3 mpeg mysql ncurses nptl nptlonly ogg oggvorbis pam pcre perl php png pppd python readline reflection rrdtool session smp snmp spl ssl tcpd threads truetype truetype-fonts type1-fonts udev usb vorbis xml xml2 xorg zlib userland_GNU kernel_linux elibc_glibc" Unset: ASFLAGS, CTARGET, INSTALL_MASK, LANG, LC_ALL, LINGUAS
Created attachment 85517 [details, diff] working patch this atch here works. founf it somewhere on the net, cant remmeber where ;)
Created attachment 85518 [details, diff] kernel-2.6.16-layer7-2.1.patch sorry guys, didnt realize that if i check pathc, it cant be a gzipped patch. heres the cleartext one
Created attachment 85538 [details, diff] kernel-2.6.16-layer7-2.1.patch2 I cleaned out the patch rejection message and the original files to make this more compact. I compared this to /var/tmp/portage//l7-filter-2.1/work/netfilter-layer7-v2.1/kernel-2.6.13-2.6.15-layer7-2.1.patch and only saw unimportant time and path differences. I'm not sure this will make any difference. Apply it to your /usr/src/linux-2.6.16 tree and see if anything changes. I'm not really keen on patches from unidenfied sources either which is why I looked at this so carefully.
this patch seems to work fine on x86. I'll check on the amd64, too.
seems to work fine on amd64, too.
*** Bug 131098 has been marked as a duplicate of this bug. ***
Fixed in l7-filter-2.1_p1. Thanks to Stefan Knoblich for spotting the blank line that i missed. Thanks all for the input.
