I've been talking to Matthew Strait from the l7-filter team, and got this answer:

>> Does l7-filter compile/work on amd64 architecture
>> (namely: gentoo amd64 with kernel 2.6.11)?
>>
>> (It has been "masked" by "missing keyword" in gentoo portage,
>> so I'm afraid to install it without any approval of my amd64 idea)
>
> It does work on AMD64. I don't, however, know if the gentoo package works.
>
> -matthew

So, is there any chance to get ~amd64 keyword on l7-filter and l7-protocols packages?
I've emerged l7-filter-1.2 and l7-protocols-2005.03.14 packages and it worked fine except for "http", "fasttrack" and "gnutella" protocols that gave me segfaults and "*** glibc detected *** double free or corruption". So, I've read the l7-filter-developers mailing list archive and found that there's a simple patch that should be applied against extensions/libipt_layer7.c in order to avoid those bugs. Here is the patch:

> -- extensions/libipt_layer7.c.orig 2005-03-06 22:20:28.043163816 -0600 > +++ extensions/libipt_layer7.c 2005-03-06 22:14:13.616085384 -0600 
> @@ -59,7 +59,7 @@ int parse_protocol_file(char * filename, > { > FILE * f; > char * line = NULL; > - int len = 0; > + size_t len = 0; > > enum { protocol, pattern, done } datatype = protocol;

Patch is rather old and it is already in l7-filter-1.2 iptables patchset, but when I looked at the extensions/libipt_layer7.c in my /var/tmp/portage/iptables-1.2.11-r3/work/iptables-1.2.11/extensions/libipt_layer7.c I've found that there's old "int" instead of patched "size_t". So, I've patched that manually and recompiled iptables. Everything works fine now. I can set all rules I wasn't able to set. Maybe there should be l7-filter-1.2-r1 or some other iptables version with this patch applied, and maybe we would be able to get first ~amd64 keywords on l7-filter and l7-protocols packages...

Portage 2.0.51.19 (default-linux/amd64/2004.3, gcc-3.4.3-20050110, glibc-2.3.4.20041102-r1, 2.6.11-gentoo-r6 x86_64)
=================================================================
System uname: 2.6.11-gentoo-r6 x86_64 AMD Athlon(tm) 64 Processor 3000+
Gentoo Base System version 1.4.16
Python: dev-lang/python-2.3.4-r1 [2.3.4 (#1, Apr 4 2005, 17:14:35)]
distcc 2.18.3 x86_64-pc-linux-gnu (protocols 1 and 2) (default port 3632) [disabled]
dev-lang/python: 2.3.4-r1
sys-devel/autoconf: 2.59-r6, 2.13
sys-devel/automake: 1.7.9-r1, 1.8.5-r3, 1.5, 1.4_p6, 1.6.3, 1.9.4
sys-devel/binutils: 2.15.92.0.2-r7
sys-devel/libtool: 1.5.14
virtual/os-headers: 2.6.8.1-r4
ACCEPT_KEYWORDS="amd64"
AUTOCLEAN="yes"
CFLAGS="-O2 -march=athlon64 -pipe -frename-registers -fweb -fomit-frame-pointer"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config /usr/share/config /var/bind /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-O2 -pipe"
DISTDIR="/users/tnt/distfiles"
FEATURES="autoaddcvs autoconfig ccache distlocks sandbox strict"
GENTOO_MIRRORS="ftp://mirror.etf.bg.ac.yu/gentoo/ http://ftp-stud.fht-esslingen.de/pub/Mirrors/gentoo/ http://gd.tuwien.ac.at/opsys/linux/gentoo/"
MAKEOPTS="-j3"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="amd64 acpi apache2 berkdb bitmap-fonts crypt cups encode exif extensions font-server fortran gd gif gpm imagemagick jabber jp2 jpeg libwww logrotate lzw lzw-tiff mp3 multilib mysql ncurses nls nptl nptlonly oggvorbis pam perl php png python readline rrdtool samba slang snmp ssl tcpd tiff truetype truetype-fonts type1-fonts unicode usb userlocales xml2 xpm xrandr zlib"
Unset: ASFLAGS, CBUILD, CTARGET, LANG, LC_ALL, LDFLAGS, LINGUAS
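Review bot: the `size_t len = 0;` declaration in parse_protocol_file needs the rest of the function checked against it, because the hunk shows only the declaration. Any place `len` is passed by address must expect a `size_t *`, and any signed comparison or `%d`-style format that uses it should be updated to match. On amd64 `int` is 4 bytes and `size_t` is 8, so the old declaration is not interchangeable there, which fits the "double free or corruption" aborts reported in this comment. A one-line comment beside the declaration saying why the type must be `size_t` would help keep it from being reverted, and the ebuild should verify the patched line is actually present in the unpacked extensions/libipt_layer7.c, since the reporter found the old `int` still in the work directory.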
l7-filter and l7-packages I've emerged work well for more than one week. You can look at traffic graph of my ISDN line just as one example: http://www.aaen.edu.yu/~tnt/forums/titan.eth2-week.png

P.S. Anybody reading this?
Works great for a month and a half...
Sorry for the delay. Marking this requires a dev or AT who can actually run these packages and test them, on an amd64 box. This is the kind of niche package that is not easy to run, and not likely to be run on an amd64 box. I'll look into testing it, but I'm fairly busy with real life right now, so it won't happen immediately.
Version 1.2 works fine on my AMD64 box. Don't know anything about version 1.4. Take your time... :)
finally in the tree, sorry for the big delay
Thank you all - l7-filter is a great feature!