newer version of l7-filter is out, new patterns are out, they include some
upgrades for P2P marking
current version in portage 1.4, newest is 1.5 released on 2.9
l7-protocols in portage is pretty outdated (17.7.05)
Steps to Reproduce:
version 1.4 is merged and working fine
version 1.5 would be nice :)
l7-protocols is normally pretty up to date although normally you need ~x86
keywords. I've made a September release stable now.
l7-filter-1.5 - I'm still working on it. I'm trying to get it not to break the
kernel-sources when you unmerge it. This will be done in a few weeks. I'll do
the bump on iptables to use 1.5 at the same time.
ok 1.5 added - I did get time.
Caution - old versions of 1.4 may remove the netfilter Makefile from the
linux sources. This will require a reinstallation of the linux sources.
I've hopefully fixed the 1.4 so that it can be safely unmerged.
well 1.5 doesn't work at all. It's impossible to compile the kernel with this module.
At least on AMD64. I have tried it with gentoo-sources and with hardened-sources.
CC [M] net/ipv4/netfilter/ipt_layer7.o
net/ipv4/netfilter/ipt_layer7.c:26:43: linux/netfilter_ipv4/lockhelp.h: No such
file or directory
net/ipv4/netfilter/ipt_layer7.c:71: warning: type defaults to `int' in
declaration of `DECLARE_RWLOCK'
net/ipv4/netfilter/ipt_layer7.c:71: warning: parameter names (without types) in
net/ipv4/netfilter/ipt_layer7.c:71: warning: data definition has no type or
net/ipv4/netfilter/ipt_layer7.c:72: warning: type defaults to `int' in
declaration of `DECLARE_LOCK'
net/ipv4/netfilter/ipt_layer7.c:72: warning: parameter names (without types) in
net/ipv4/netfilter/ipt_layer7.c:72: warning: data definition has no type or
net/ipv4/netfilter/ipt_layer7.c: In function `match_no_append':
net/ipv4/netfilter/ipt_layer7.c:241: warning: implicit declaration of function
net/ipv4/netfilter/ipt_layer7.c:241: error: `ct_lock' undeclared (first use in
net/ipv4/netfilter/ipt_layer7.c:241: error: (Each undeclared identifier is
reported only once
net/ipv4/netfilter/ipt_layer7.c:241: error: for each function it appears in.)
net/ipv4/netfilter/ipt_layer7.c:260: warning: implicit declaration of function
net/ipv4/netfilter/ipt_layer7.c: In function `match':
net/ipv4/netfilter/ipt_layer7.c:380: warning: implicit declaration of function
net/ipv4/netfilter/ipt_layer7.c:380: error: `list_lock' undeclared (first use in
net/ipv4/netfilter/ipt_layer7.c:383: warning: implicit declaration of function
net/ipv4/netfilter/ipt_layer7.c:386: error: `ct_lock' undeclared (first use in
net/ipv4/netfilter/ipt_layer7.c: At top level:
net/ipv4/netfilter/ipt_layer7.c:457: warning: initialization from incompatible
make: *** [net/ipv4/netfilter/ipt_layer7.o] Error 1
make: *** [net/ipv4/netfilter] Error 2
make: *** [net/ipv4] Error 2
make: *** [net] Error 2
my suggestion is to remove it from portage tree and focus on l7-filter-2.0, beta
Btw... let me describe what's gonna happen if you upgrade from l7-filter-1.4 to 1.5
Imagine that you have a working 1.4
then you type emerge world -u
1.5 is downloaded, kernel is patched (jaj it might be ok to patch 1.4 files)
When emerge of 1.5 is over, it starts to unmerge 1.4.
Ummmm it seems to me that it simply deletes the patched files, because you will end
up in a situation where your portage tree "thinks" that 1.4 and 1.5 are both installed,
none of them can be unmerged, but there is no layer7 source file in the kernel tree.
The only solution was to remove the kernel tree, both versions can be unmerged
then, emerge the tree again and so on....
I fubared my kernel tree a few times and 1.5 really doesn't work on amd64 (dunno about
Anyway thx for coop, I'm looking forward to test 2.0 you :)
looks like your compile error needs the additional_patch_for_2.6.13.diff patch
that was in 1.4 to work. I think looking at the 1.5 patches seemed to include
this one. Maybe I was wrong.
The removal process was totally broken in 1.4. I've put some code in that
hopefully corrects it by doing an unpatch rather than a removal of the patched
I'm working on a 2.0_beta ebuild now. Will be added soon.
For one/two days the new l7-filter-2.0_beta fails to patch the source. The logs:
>>> Unpacking source...
* Determining the location of the kernel source code
* Found kernel source directory:
* Found sources for kernel version:
>>> Unpacking netfilter-layer7-v2.0-beta.tar.gz to
* Applying kernel-2.6.11-2.6.12-layer7-1.4.patch ...
* Failed Patch: kernel-2.6.11-2.6.12-layer7-1.4.patch !
* Include in your bugreport the contents of:
!!! ERROR: net-misc/l7-filter-2.0_beta failed.
!!! Function epatch, Line 361, Exitcode 0
!!! Failed Patch: kernel-2.6.11-2.6.12-layer7-1.4.patch!
!!! If you need support, post the topmost build error, NOT this status message.
Will attach the patch log next. Thanks. Now using 1.5.
Created attachment 69275
patch error log
ok - fixed 2.0_beta. Try to emerge -C l7-filter and re-emerge. Thanks Rumen
Fixed for me too. Not very sure, but emerged new gentoo-sources-2.6.13-r2 kernel,
applied l7-filter-2.0_beta and it passed w/o errors. Maybe some things left from
previous patches were the culprit. Issue closed.
it was an issue specific to the 2.6.12 kernel