Hello, compilation fails due to recent API changes to libnetfilter_conntrack-0.0.100:

x86_64-pc-linux-gnu-g++ -DHAVE_CONFIG_H -I. -march=nocona -mcx16 -msahf --param l1-cache-line-size=64 --param l1-cache-size=16 --param l2-cache-size=256 -O2 -funswitch-loops -fpredictive-commoning -fgcse-after-reload -ftree-vectorize -fomit-frame-pointer -pipe -fstack-protector -MT l7-filter.o -MD -MP -MF .deps/l7-filter.Tpo -c -o l7-filter.o l7-filter.cpp
l7-conntrack.cpp: In function 'int sprintf_conntrack_key(char*, nfct_conntrack*, unsigned int)':
l7-conntrack.cpp:129: error: 'nfct_sprintf_protocol' was not declared in this scope
l7-conntrack.cpp:130: error: invalid use of incomplete type 'struct nfct_conntrack'
l7-conntrack.h:53: error: forward declaration of 'struct nfct_conntrack'
l7-conntrack.cpp:130: error: 'nfct_sprintf_address' was not declared in this scope
l7-conntrack.cpp:131: error: invalid use of incomplete type 'struct nfct_conntrack'
l7-conntrack.h:53: error: forward declaration of 'struct nfct_conntrack'
l7-conntrack.cpp:131: error: 'nfct_sprintf_proto' was not declared in this scope
l7-conntrack.cpp: In function 'int l7_handle_conntrack_event(void*, unsigned int, int, void*)':
l7-conntrack.cpp:159: error: invalid use of incomplete type 'struct nfct_conntrack'
l7-conntrack.h:53: error: forward declaration of 'struct nfct_conntrack'
l7-conntrack.cpp:160: error: invalid use of incomplete type 'struct nfct_conntrack'
l7-conntrack.h:53: error: forward declaration of 'struct nfct_conntrack'
l7-conntrack.cpp:162: error: 'NFCT_MSG_DESTROY' was not declared in this scope
l7-conntrack.cpp:163: error: 'NFCT_MSG_NEW' was not declared in this scope
l7-conntrack.cpp:164: error: 'NFCT_MSG_UPDATE' was not declared in this scope
l7-conntrack.cpp:165: error: 'NFCT_MSG_UNKNOWN' was not declared in this scope
l7-conntrack.cpp:168: error: 'NFCT_MSG_NEW' was not declared in this scope
l7-conntrack.cpp:182: error: 'NFCT_MSG_DESTROY' was not declared in this scope
l7-conntrack.cpp: In destructor 'l7_conntrack::~l7_conntrack()':
l7-conntrack.cpp:196: error: 'nfct_conntrack_free' was not declared in this scope
l7-conntrack.cpp: In member function 'void l7_conntrack::start()':
l7-conntrack.cpp:233: error: 'nfct_register_callback' was not declared in this scope
l7-conntrack.cpp:234: error: 'nfct_event_conntrack' was not declared in this scope
l7-conntrack.cpp:237: error: 'nfct_conntrack_free' was not declared in this scope
make[1]: *** [l7-conntrack.o] Error 1

$ emerge --info
Portage 2.2_rc36 (default/linux/amd64/2008.0, gcc-4.3.3, glibc-2.10.1-r0, 2.6.30.4-sheryl x86_64)
=================================================================
System uname: Linux-2.6.30.4-sheryl-x86_64-Intel-R-_Celeron-R-_CPU_2.53GHz-with-gentoo-2.0.1
Timestamp of tree: Wed, 05 Aug 2009 19:15:01 +0000
distcc 3.1 x86_64-pc-linux-gnu [disabled]
ccache version 2.4 [enabled]
app-shells/bash: 4.0_p28
dev-lang/python: 2.6.2-r1, 3.1
dev-python/pycrypto: 2.0.1-r8
dev-util/ccache: 2.4-r8
dev-util/cmake: 2.6.4-r2
sys-apps/baselayout: 2.0.1
sys-apps/openrc: 0.4.3-r3
sys-apps/sandbox: 2.0
sys-devel/autoconf: 2.13, 2.63-r1
sys-devel/automake: 1.6.3, 1.8.5-r3, 1.9.6-r2, 1.10.2, 1.11
sys-devel/binutils: 2.19.1-r1
sys-devel/gcc-config: 1.4.1
sys-devel/libtool: 2.2.6a
virtual/os-headers: 2.6.30-r1
ACCEPT_KEYWORDS="amd64 ~amd64"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=nocona -mcx16 -msahf --param l1-cache-line-size=64 --param l1-cache-size=16 --param l2-cache-size=256 -O2 -funswitch-loops -fpredictive-commoning -fgcse-after-reload -ftree-vectorize -fomit-frame-pointer -pipe -fstack-protector"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /var/bind"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c /etc/udev/rules.d"
CXXFLAGS="-march=nocona -mcx16 -msahf --param l1-cache-line-size=64 --param l1-cache-size=16 --param l2-cache-size=256 -O2 -funswitch-loops -fpredictive-commoning -fgcse-after-reload -ftree-vectorize -fomit-frame-pointer -pipe -fstack-protector"
DISTDIR="/usr/portage/distfiles"
EMERGE_DEFAULT_OPTS="--with-bdeps y"
FEATURES="assume-digests ccache collision-protect distlocks fixpackages parallel-fetch preserve-libs protect-owned sandbox sfperms strict unmerge-logs unmerge-orphans userfetch userpriv usersandbox"
FFLAGS="-march=nocona -mcx16 -msahf --param l1-cache-line-size=64 --param l1-cache-size=16 --param l2-cache-size=256 -O2 -funswitch-loops -fpredictive-commoning -fgcse-after-reload -ftree-vectorize -fomit-frame-pointer -pipe -fstack-protector"
GENTOO_MIRRORS=" ftp://bircoph/distributive/gentoo/portage ftp://ftp.chg.ru/pub/Linux/gentoo http://mirror.yandex.ru//gentoo-distfiles http://distfiles.gentoo.org http://www.ibiblio.org/pub/Linux/distributions/gentoo"
LANG="ru_RU.UTF-8"
LC_ALL=""
LDFLAGS="-Wl,-O1"
LINGUAS="ru en"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage/layman/science /usr/local/portage/layman/sunrise /usr/local/portage"
SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage"
USE="aalib acl acpi adns amd64 bash-completion blas bluetooth bzip2 caps cdb cli clisp cracklib crypt cscope ctype cups curl curlwrappers cvs cxx cyrillic djvu doc eap-tls editor encode enscript examples exif expat fftw foomaticdb fortran ftp gdbm geoip gif ginac git gmp gnuplot gnutls gpgme gpm gsl hardened hdf5 iconv idn imap iproute2 ipv6 isdnlog javascript jpeg jpeg2k keyscrub kpathsea lapack latex libcaca libwww lm_sensors logrotate lzo maildir mailwrapper mbox md5sum mhash mime mmap mmx mng mppe-mppc mudflap multilib mysql mysqli ncurses netcdf network-cron nls nntp nocd nptlonly objc objc++ offensive openexr otr pam pch pcntl pcre pdf perl plotutils png pop posix ppds pppd raw readline recode reflection rle samba scanner session sharedmem slang slp smtp sockets socks5 sparse spell spl sse sse2 sse3 ssl subversion supernodal sysfs syslog szip tcpd tiff unicode usb vim vim-syntax wifi xattr yaz zlib"
ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol"
APACHE2_MODULES="authz_host dir mime"
ELIBC="glibc"
INPUT_DEVICES="keyboard mouse evdev"
KERNEL="linux"
LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text"
LINGUAS="ru en"
USERLAND="GNU"
Unset: CPPFLAGS, CTARGET, INSTALL_MASK, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
Created attachment 200577 [details] build.log
Created attachment 200579 [details] environment
Currently I have fallen back to libnetfilter_conntrack-0.0.99. The bug is reported upstream.
Created attachment 207560 [details, diff] l7-filter-userspace-0.11-libnetfilter_conntrack-0.0.100.patch
I tried to patch l7-filter-userspace-0.11 according to the recent API changes in libnetfilter_conntrack-0.0.100 (mostly some drops of deprecated code). I knew nothing of either the l7-filter-userspace or the libnetfilter_conntrack source code 30 minutes ago, so I'm not really sure if the patch is ok. Can someone test it and see if l7-filter-userspace still works as expected?
Nope, unfortunately your patch only makes l7-f-u crash. Please test this one: http://hg.debian.org/hg/collab-maint/l7-filter-userspace/raw-file/tip/debian/patches/netfilter-conntrack-0.100.diff
With this last patch l7-filter seems to be doing the job. But there seems to be some memory leak: RSS is constantly growing and never decreases. The more traffic is enqueued in the nfqueue, the more l7-filter's RSS grows. Thanks
Indeed, the make_key() was broken. I have just updated my patch. (Sorry for the late response, somehow I never received Guillaume's comment.)
Hi, l7-filter is running with your updated patch for 4 hours now. Seems to be ok, RSS consumption is stable at around 5M. Many thanks !!!
After around 24 hours of perfect running, I get a segfault:
Nov 28 14:46:10 coruscant kernel: grsec: From 127.0.0.6: signal 11 sent to /usr/bin/l7-filter[l7-filter:801] uid/euid:0/0 gid/egid:0/0, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
Some issue seems to remain.
Guillaume, do you have a core dump? Backtrace would be appreciated.
(In reply to comment #10)
> Guillaume, do you have a core dump? Backtrace would be appreciated.

Sorry, core dump was disabled by security limits. I've enabled it, but currently, I have not reproduced the segfault... Running fine for 3 days now.
l7-filter just segfaulted. I have a core dump here : http://casta.nerim.net/l7-filter.core.bz2 Hope it will help you
(In reply to comment #12)
> l7-filter just segfaulted.
> I have a core dump here : http://casta.nerim.net/l7-filter.core.bz2

Well, the file does not exist any more and ... well, without debugging symbols the core is not much use anyway. Could you build the package with debugging symbols as described here: http://www.gentoo.org/proj/en/qa/backtraces.xml then attach gdb to the process, let it run and, when it fails, gather the backtrace and post it here. I guess you'll need to rebuild libnet as well as l7-filter-userspace with debugging symbols.
Patch works. Passes emerge. I had to write an overlay ebuild which has these added lines: diff /usr/portage/net-misc/l7-filter-userspace/l7-filter-userspace-0.11.ebuild l7-filter-userspace-0.11.ebuild 4c4,5 < --- > EAPI="2" > inherit eutils 17a19,21 > src_prepare() { > epatch "${FILESDIR}/netfilter-conntrack-0.100.diff" > }
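Review bot: in the 17a19,21 hunk the patch is applied as "${FILESDIR}/netfilter-conntrack-0.100.diff", a file name that carries neither the package name nor its version, which makes it easy to confuse with the other patch attached to this bug. Suggest naming it with ${P}, for example "${FILESDIR}/${P}-libnetfilter_conntrack-0.0.100.patch". The diff also leaves the dependency lines untouched; if the patched source no longer builds against libnetfilter_conntrack-0.0.99, the ebuild needs a matching minimum version on that dependency.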
I meant to report that http://hg.debian.org/hg/collab-maint/l7-filter-userspace/raw-file/tip/debian/patches/netfilter-conntrack-0.100.diff solved this bug for me and I hope you add it and push upstream.
*** Bug 323147 has been marked as a duplicate of this bug. ***
patch committed. Is reported upstream as per URL. Thanks Niv for the build/test.
The wrong patch was included from comment 4 and l7-filter segfaults within 1 minute. Please add the patch from comment 15, that works. I am testing this on arm (sheevaplug) using the patch from Jakub, l7-filter-userspace compiles but does not execute due to the way it uses getopt. I think this stopped working after a gcc upgrade. Do I open separate bugs for adding an ~arm keyword and fixing execution of l7-filter with my patch? Please advise. Thanks.