there is a patch at https://sourceforge.net/tracker/index.php?func=detail&aid=1193721&group_id=40604&atid=428516 and info on there mailling lists don't know if it's a good one
Since iptables-1.3.2 is declared stable for days and people pulling in the new version, this should now really be fixed....
Can someone apply this patch? I'm affected by this bug too.
Created attachment 75514 [details, diff] ipac-ng-1.31-iptables-1.3.1.dpatch Patch from Ubuntu. http://packages.ubuntu.com/dapper/net/ipac-ng It applies and compiles correctly, but I'm having some trouble getting ipac-ng to work properly. Perhaps it's just me being stupid.
I don't quite have it working yet (0 incoming), but at least it is not bombing out in my face. Okies, ipac-ng-1.31-r2 has the patch. It is in package.mask. Please test.
(In reply to comment #4) > I don't quite have it working yet (0 incoming), but at least it is not bombing > out in my face. > > Okies, ipac-ng-1.31-r2 has the patch. It is in package.mask. > Please test. > I have the same problem. It seems to work now. But it does not. It does not count. No matter what rules I try it always only displays "0" bytes counted. Cannot be the case however. I testet with rules that were tried and tested on the same pc about 1 year ago.
This part of the patch is only garbage diff -urNad --exclude=CVS --exclude=.svn ./agents/iptables/iptables.c.orig /tmp/dpep-work.j5GgPv/ipac-ng-1.31/agents/iptables/iptables.c.orig --- ./agents/iptables/iptables.c.orig 1970-01-01 08:00:00.000000000 +0800 +++ /tmp/dpep-work.j5GgPv/ipac-ng-1.31/agents/iptables/iptables.c.orig 2005-09-07 07:19:45.000000000 +0800 I have the same problem of 0 bytes counting with know working rules.
Apply the second patch available at https://sourceforge.net/tracker/index.php?func=detail&aid=1193721&group_id=40604&atid=428516 and ipac-ng-1.3.1 work for me with iptables-1.3.4. the first patch should be only a cleaner version than the one from ubuntu (it did not include .c.orig part)
The fetchcounter patch is now available in 1.31-r2. It seems ipac-ng is working fine now at a first glance. Thanks Gilles. Ubuntu's patch is not exactly the same as the one available from sourceforge, so unless there is a reason to use sourceforge's one instead, I'd rather stick with it. Please test 1.31-r2 again :-). Thanks.
To control the difference between the two patches, I apply each on a new unpacked ipac-ng directory and made a diff From sf ipcop patch ipac-ng-1.31-sf # patch -Np1 < ../src/patches/ipac-ng-1.31-iptables-1.3.1.patch patching file agents/iptables/iptables.c patching file agents/iptables/libip4tc.c patching file agents/iptables/libiptc.c patching file agents/iptables/libiptc.h patching file agents/iptables/linux_list.h From ubuntu patch ipac-ng-1.31-ubuntu # patch -Np1 < ../src/patches/ipac-ng-1.31-iptables-1.3.1.gentoo.dpatch patching file agents/iptables/iptables.c Hunk #34 succeeded at 1158 (offset -1 lines). Hunk #35 succeeded at 1220 (offset -1 lines). Hunk #36 succeeded at 1228 (offset -1 lines). Hunk #37 succeeded at 1265 (offset -1 lines). Hunk #38 succeeded at 1310 (offset -1 lines). Hunk #39 succeeded at 1323 (offset -1 lines). Hunk #40 succeeded at 1371 (offset -1 lines). Hunk #41 succeeded at 1394 (offset -1 lines). Hunk #42 succeeded at 1480 (offset -1 lines). Hunk #43 succeeded at 1504 (offset -1 lines). Hunk #44 succeeded at 1533 (offset -1 lines). Hunk #45 succeeded at 1557 (offset -1 lines). Hunk #46 succeeded at 1569 (offset -1 lines). Hunk #47 succeeded at 1579 (offset -1 lines). Hunk #48 succeeded at 1673 (offset -1 lines). Hunk #49 succeeded at 1700 (offset -1 lines). The next patch would create the file agents/iptables/iptables.c.orig, which already exists! Skipping patch. 1 out of 1 hunk ignored -- saving rejects to file agents/iptables/iptables.c.orig.rej patching file agents/iptables/libip4tc.c patching file agents/iptables/libiptc.c After removing the garbage (.c.orig, .c.orig.rej), the differences are very limited to a small portion of code defining a structure never used. diff -Nur ipac-ng-1.31-sf/agents/iptables/iptables.c ipac-ng-1.31-ubuntu/agents/iptables/iptables.c --- ipac-ng-1.31-sf/agents/iptables/iptables.c 2006-01-10 21:01:39.000000000 +0000 +++ ipac-ng-1.31-ubuntu/agents/iptables/iptables.c 2006-01-10 21:09:15.000000000 +0000 @@ -100,13 +100,6 @@ typedef struct iface_struct s_iface; -struct ipt_get_revision2 -{ - char name[IPT_FUNCTION_MAXNAMELEN-1]; - - u_int8_t revision; -}; - struct iptables_rule_match { struct iptables_rule_match *next; diff -Nur ipac-ng-1.31-sf/agents/iptables/libiptc.c ipac-ng-1.31-ubuntu/agents/iptables/libiptc.c --- ipac-ng-1.31-sf/agents/iptables/libiptc.c 2006-01-10 21:01:39.000000000 +0000 +++ ipac-ng-1.31-ubuntu/agents/iptables/libiptc.c 2006-01-10 21:09:15.000000000 +0000 @@ -1,4 +1,4 @@ -/* Library which manipulates firewall rules. Version $Revision: 1.2 $ */ +/* Library which manipulates firewall rules. Version $Revision: 3756 $ */ /* Architecture of firewall rules is as follows: *
I just tested using sourceforge's patch instead and got: iptables.c:104: error: redefinition of `struct ipt_get_revision'
In fact I was using the patch on ipcop cvs wich has a "struct ipt_get_revision2" definition. Anyway it was building too on ipcop with the patch posted on the bug report. I have cleaned the patch on ipcop cvs to remove warning on unused struct. The removed unused struc are ipt_get_revision2 replace_rule delete_num_rule The cleaned version will appear on cvs web interface after the usual sourceforge lag (a few hours) http://cvs.sourceforge.net/viewcvs.py/ipcop/ipcop/src/patches/#dirlist It does compile and run with gcc-3.3.3, glibc-2.3.3, linux-2.4.31, iptables-1.3.4, ipac-ng-1.31 Only compile tested with gcc-3.4.3, glibc-2.3.5, linux-2.6.14.5, iptables-1.3.4, ipac-ng-1.31
Ok, I updated the patchset. Thanks :-).
Ok, I'm happy with it. It's out of package.mask. Please reopen this bug if you have any problems.