Summary: | net-misc/l7-filter-userspace-0.11 fails to compile with net-libs/libnetfilter_conntrack-0.0.100 | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Andrew Savchenko <bircoph> |
Component: | [OLD] Server | Assignee: | Daniel Black (RETIRED) <dragonheart> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | alekiv, barzog, casta, jcdemay, joost.ruis, jwilk |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://sourceforge.net/tracker/?func=detail&aid=2834175&group_id=80085&atid=558668 | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- | |
Attachments: |
build.log
environment l7-filter-userspace-0.11-libnetfilter_conntrack-0.0.100.patch |
Description
Andrew Savchenko
2009-08-08 13:38:19 UTC
Created attachment 200577 [details]
build.log
Created attachment 200579 [details]
environment
Currently fallbacked to libnetfilter_conntrack-0.0.99. Bug is reported upstream. Created attachment 207560 [details, diff]
l7-filter-userspace-0.11-libnetfilter_conntrack-0.0.100.patch
I tried to patch l7-filter-userspace-0.11 according to the recent API changes in libnetfilter_conntrack-0.0.100 (mostly some drops of deprecated code)
I knew nothing of both l7-filter-userspace and libnetfilter_conntrack source code 30 minutes ago, so I'm not really sure if the patch is ok, can someone test it and see if l7-filter-userspace still works as expected ?
Nope, unfortunately your patch only makes l7-f-u crash. Please test this one: http://hg.debian.org/hg/collab-maint/l7-filter-userspace/raw-file/tip/debian/patches/netfilter-conntrack-0.100.diff With this last patch l7-filter seems to be doing the job. But there seems to be some memory leak : RSS is constantly growing and never decrease. The more trafic is enqueued in the nfqueue, the more l7-filter's RSS grows thanks Indeed, the make_key() was broken. I have just updated my patch. (Sorry for the late response, somehow I never received of Guillaume's comment.) Hi, l7-filter is running with your updated patch for 4 hours now. Seems to be ok, RSS consumption is stable at around 5M. Many thanks !!! After around 24 hours of perfect running, I get a segfault : Nov 28 14:46:10 coruscant kernel: grsec: From 127.0.0.6: signal 11 sent to /usr/bin/l7-filter[l7-filter:801] uid/euid:0/0 gid/egid:0/0, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0 Seems to remain some issue. Guillaume, do you have a core dump? Backtrace would be appreciated. (In reply to comment #10) > Guillaume, do you have a core dump? Backtrace would be appreciated. > Sorry, core dump was disabled by security limits. I've enabled it, but currently, I have not reproduced the segfault... Runing fine for 3 days now. l7-filter just segfaulted. I have a core dump here : http://casta.nerim.net/l7-filter.core.bz2 Hope it will help you (In reply to comment #12) > l7-filter just segfaulted. > I have a core dump here : http://casta.nerim.net/l7-filter.core.bz2 Well file does not exist any more and ... well without debugging symbols core is not much use anyway. Could you build the package with debugging symbols as described here: http://www.gentoo.org/proj/en/qa/backtraces.xml then attach gdb the process, give it to run and as it fails gather and post here backtrace. I guess you'll need to rebuild libnet as well as l7-filter-userspace with debugging symbols. patch works. passes emerge. I had to write a overlay ebuild which has these added lines: diff /usr/portage/net-misc/l7-filter-userspace/l7-filter-userspace-0.11.ebuild l7-filter-userspace-0.11.ebuild 4c4,5 < --- > EAPI="2" > inherit eutils 17a19,21 > src_prepare() { > epatch "${FILESDIR}/netfilter-conntrack-0.100.diff" > } I ment to report that http://hg.debian.org/hg/collab-maint/l7-filter-userspace/raw-file/tip/debian/patches/netfilter-conntrack-0.100.diff solved this bug for me and I hope you ass it and push upstream. *** Bug 323147 has been marked as a duplicate of this bug. *** patch committed. Is reported upstream as per URL. Thanks Niv for the build/test. The wrong patch was included from comment 4 and l7-filter segfaults within 1 minute. Please add the patch from comment 15, that works. I am testing this on arm (sheevaplug) using the patch from Jakub, l7-filter-userspace compiles but does not execute due to the way it uses getopt. I think this stopped working after a gcc upgrade. Do I open separate bugs for adding an ~arm keyword and fixing execution of l7-filter with my patch? Please advise. Thanks. |