Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 88218

Summary: l7-filter and l7-protocols work on amd64
Product: Gentoo Linux Reporter: Nebojsa Trpkovic <trxman>
Component: New packagesAssignee: AMD64 Project <amd64>
Status: RESOLVED FIXED    
Severity: enhancement    
Priority: High    
Version: unspecified   
Hardware: AMD64   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---

Description Nebojsa Trpkovic 2005-04-06 15:54:48 UTC 
I've been talking to Matthew Strait from l7-filter team, and got this answer:

>> Does l7-filter compiles/works on amd64 architecture 
>>(namely: gentoo amd64 with kernel 2.6.11)?
>>
>> (It has been "masked" by "missing keyword" in gentoo portage, 
>> so I'm afraid to install it without any aprovement of my amd64 idea)
>
>It does work on AMD64.  I don't, however, know if the gentoo package works.
>
>-matthew 

So, is there any chance to get ~amd64 keyword on l7-filter and l7-protocols packages?
Comment 1 Nebojsa Trpkovic 2005-04-22 12:40:37 UTC 
I've emerged l7-filter-1.2 and l7-protocols-2005.03.14 packages and it worked fine except for "http", "fasttrack" and "gnutella" protocols that gave me segfaults and "*** glibc detected *** double free or corruption". 

So, I've read l7-filter-developers mailing list archive and found that there's a simple pach that should be applied against extensions/libipt_layer7.c in order to avoid those bugs. Here is the patch:

> -- extensions/libipt_layer7.c.orig     2005-03-06 22:20:28.043163816 -0600
> +++ extensions/libipt_layer7.c  2005-03-06 22:14:13.616085384 -0600
> @@ -59,7 +59,7 @@ int parse_protocol_file(char * filename,
>   {
>          FILE * f;
>          char * line = NULL;
> -       int len = 0;
> +       size_t len = 0;
>
>          enum { protocol, pattern, done } datatype = protocol;


Patch is reather old and it is already in l7-filter-1.2 iptables patchset, but when I looked to the extensions/libipt_layer7.c in my
/var/tmp/portage/iptables-1.2.11-r3/work/iptables-1.2.11/extensions/libipt_layer7.c
I've found that there's old "int" instead of patched "size_t". So, I've patched that manualy and recompiled iptables. 

Everything works fine now. I can set all rules I wasn't able to set. 

Maybe there should be l7-filter-1.2-r1 or some other iptables version with this patch applied, and maybe we would be able to get first ~amd64 keywords on l7-filter and l7-protocols packages...


Portage 2.0.51.19 (default-linux/amd64/2004.3, gcc-3.4.3-20050110, glibc-2.3.4.20041102-r1, 2.6.11-gentoo-r6 x86_64)
=================================================================
System uname: 2.6.11-gentoo-r6 x86_64 AMD Athlon(tm) 64 Processor 3000+
Gentoo Base System version 1.4.16
Python:              dev-lang/python-2.3.4-r1 [2.3.4 (#1, Apr  4 2005, 17:14:35)]
distcc 2.18.3 x86_64-pc-linux-gnu (protocols 1 and 2) (default port 3632) [disabled]
dev-lang/python:     2.3.4-r1
sys-devel/autoconf:  2.59-r6, 2.13
sys-devel/automake:  1.7.9-r1, 1.8.5-r3, 1.5, 1.4_p6, 1.6.3, 1.9.4
sys-devel/binutils:  2.15.92.0.2-r7
sys-devel/libtool:   1.5.14
virtual/os-headers:  2.6.8.1-r4
ACCEPT_KEYWORDS="amd64"
AUTOCLEAN="yes"
CFLAGS="-O2 -march=athlon64 -pipe -frename-registers -fweb -fomit-frame-pointer"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config /usr/share/config /var/bind /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-O2 -pipe"
DISTDIR="/users/tnt/distfiles"
FEATURES="autoaddcvs autoconfig ccache distlocks sandbox strict"
GENTOO_MIRRORS="ftp://mirror.etf.bg.ac.yu/gentoo/ http://ftp-stud.fht-esslingen.de/pub/Mirrors/gentoo/ http://gd.tuwien.ac.at/opsys/linux/gentoo/"
MAKEOPTS="-j3"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="amd64 acpi apache2 berkdb bitmap-fonts crypt cups encode exif extensions font-server fortran gd gif gpm imagemagick jabber jp2 jpeg libwww logrotate lzw lzw-tiff mp3 multilib mysql ncurses nls nptl nptlonly oggvorbis pam perl php png python readline rrdtool samba slang snmp ssl tcpd tiff truetype truetype-fonts type1-fonts unicode usb userlocales xml2 xpm xrandr zlib"
Unset:  ASFLAGS, CBUILD, CTARGET, LANG, LC_ALL, LDFLAGS, LINGUAS
Comment 2 Nebojsa Trpkovic 2005-04-30 11:57:41 UTC 
l7-filter and l7-packages I've emerged work well for more then one week.

You can look at traffic graph of my ISDN line just as one example:
http://www.aaen.edu.yu/~tnt/forums/titan.eth2-week.png

P.S. Anybody reading this?
Comment 3 Nebojsa Trpkovic 2005-06-08 05:33:59 UTC 
Works great for month and a half...
Comment 4 Daniel Gryniewicz (RETIRED) gentoo-dev 2005-06-08 07:37:38 UTC 
Sorry for the delay. Marking this requires a dev or AT who can actually run
these packages and test them, on an amd64 box.  This is the kind of niche
package that is not easy to run, and not likely to be run on an amd64 box.  I'll
look into testing it, but I'm fairly busy with real life right now, so it won't
happen immediately.
Comment 5 Nebojsa Trpkovic 2005-06-08 07:46:41 UTC 
Version 1.2 works fine on my AMD64 box.

Don't know anything about version 1.4.

Take your time... :)
Comment 6 Simon Stelling (RETIRED) gentoo-dev 2005-07-11 06:59:57 UTC 
finally in the tree, sorry for the big delay
Comment 7 Nebojsa Trpkovic 2005-07-11 08:47:53 UTC 
Thank you all - l7-filter is a great feature!