you do not need to download any other distribution of iptables, Use the version provided with the source code. It get compiled automatically. Just make sure that all necessary modules are insmodded in the right order.
On Nov 25, 4:22 pm, Antonio Conforti <[email protected]> wrote: > I still have the same error ... I do not understand one thing: when I > download into a folder and there is a file Android.mk, how do I > compile it?If I try make I get an error. > > Thanks > > On 15 Nov, 09:33, hedwin <[email protected]> wrote: > > > With iptables you can make different rules per interface thuse > > allowing you to use ADB but keep the other interfaces in tight > > control. > > > 2010/11/9 Earlence <[email protected]>: > > > > yes. I just followed the instructions on the web page. nothing else. > > > > To add to my previous post: > > > iptables was not hanging, adding the command to drop all packets were > > > dropping the ADB packets as well! > > > Must use it carefully :) > > > > Cheers, > > > Earlence > > > > On Nov 9, 2:16 pm, Antonio Conforti <[email protected]> wrote: > > >> Thanks for you quickly answer...but did you download your source using > > >> repo command like this: > > > >> repo init -u git://android.git.kernel.org/platform/manifest.git > > >> ? > > > >> On Nov 9, 1:40 pm, Earlence <[email protected]> wrote: > > > >> > I think this is because, ADB itself operates over a network connection > > >> > with the emulator. > > >> > Adding that command drops everything, including ADB packets! > > > >> > Cheers, > > >> > Earlence > > > >> > On Nov 9, 1:23 pm, Earlence <[email protected]> wrote: > > > >> > > You must download the android platform source and build > > > >> > > source.android.com > > > >> > > after successful download and env setup, you can do something like: > > > >> > > $ source build/envsetup.sh > > >> > > $ lunch full_sapphire-userdebug > > >> > > $ make -j6 > > > >> > > After some time, in the out/.../sapphire/ you will get all the > > >> > > necessary images. > > >> > > Then you can boot your emulator to use the new kernel and built > > >> > > system > > >> > > images. > > > >> > > One problem though, > > >> > > I have not downloaded any external iptables source package. It seems > > >> > > I > > >> > > am using the one already present in AOSP/external/iptables. > > > >> > > When I Issue a command like this: > > > >> > > iptables -P OUTPUT DROP > > > >> > > Everything just hangs. I cannot quite the ADB shell, I cannot > > >> > > reconnect to the emulator...everything JUST HANGS! > > >> > > Any idea why this is happening? > > > >> > > All other iptables commands work properly. > > >> > > This hanging happens only when I try to reject all packets that were > > >> > > sent out. > > >> > > eg: iptables -A OUTPUT -j DROP > > >> > > also hangs. > > >> > > Any idea why? > > > >> > > Cheers, > > >> > > Earlence > > > >> > > On Nov 9, 10:29 am, Antonio Conforti <[email protected]> wrote: > > > >> > > > I have build my android goldfish downloading git clone > > >> > > > git://android.git.kernel.org/project/kernel/common.git then I have > > >> > > > downloaded iptables and compiled it!!! > > >> > > > I am interested in building an AOSP. Did you download from "http:// > > >> > > > android.git.kernel.org/" all project or only some parts? > > >> > > > I remember to you that I use Android Emulator. > > > >> > > > On Nov 8, 8:58 pm, Earlence <[email protected]> wrote: > > > >> > > > > AOSP = android open source project. > > >> > > > > I built a complete release version. all packages included (for > > >> > > > > HTC > > >> > > > > sapphire) > > > >> > > > > I think you should refer to > > >> > > > > this:http://www.linuxquestions.org/questions/linux-kernel-70/kernel-iptabl... > > > >> > > > > Also, use the make menuconfig option when building the kernel. > > >> > > > > See if > > >> > > > > you have missed anything there. > > > >> > > > > The iptables user space command was not compiled separately. > > > >> > > > > Also, I would take a look at stubs.c and see where > > >> > > > > getprotobyname is > > >> > > > > used. > > >> > > > > My guess is that its a simple conversion from a protocol name to > > >> > > > > an > > >> > > > > internal number used to identify the protocol. Again, just > > >> > > > > speculation, but worth checking out. > > > >> > > > > Cheers, > > >> > > > > Earlence > > > >> > > > > On Nov 8, 3:42 pm, Antonio Conforti <[email protected]> wrote: > > > >> > > > > > Good work Earlence. > > >> > > > > > I got your same problem. I have tried to compile kernel with > > >> > > > > > CONFIG_NETFILTER_XT_MATCH_OWNER, but didn't happen nothing. I > > >> > > > > > get this > > >> > > > > > error: > > > >> > > > > > FIX ME! implement getprotobyname() > > >> > > > > > bionic/libc/bionic/stubs.c:378 > > > >> > > > > > this is the command: > > >> > > > > > # iptables -A INPUT -p tcp --dport 80 -j ACCEPT > > >> > > > > > FIX ME! implement getprotobyname() > > >> > > > > > bionic/libc/bionic/stubs.c:378 > > >> > > > > > # iptables -L > > >> > > > > > Chain INPUT (policy ACCEPT) > > >> > > > > > target prot opt source destination > > >> > > > > > FIX ME! implement getprotobynumber() > > >> > > > > > bionic/libc/bionic/stubs.c:384 > > >> > > > > > ACCEPT tcp -- anywhere anywhere > > >> > > > > > tcp > > >> > > > > > dpt:www > > > >> > > > > > Chain FORWARD (policy ACCEPT) > > >> > > > > > target prot opt source destination > > > >> > > > > > Chain OUTPUT (policy ACCEPT) > > >> > > > > > target prot opt source destination > > >> > > > > > # > > > >> > > > > > Any suggestions? > > >> > > > > > What is the full AOSP??? > > >> > > > > > do you have compiled your iptables out of the kernel? > > > >> > > > > > THANKS > > > >> > > > > > On 8 Nov, 09:08, Earlence <[email protected]> wrote: > > > >> > > > > > > HTC phone: I have not tried it yet. > > >> > > > > > > As I said, I have used goldfish, which is the emulator. > > > >> > > > > > > On Nov 8, 9:07 am, Earlence <[email protected]> wrote: > > > >> > > > > > > > that option is needed if you want the owner match > > >> > > > > > > > extension. > > >> > > > > > > > to compile: google a bit! there are lots of good > > >> > > > > > > > resources. you will > > >> > > > > > > > find previous threads on this forum itself > > > >> > > > > > > > On Nov 7, 3:35 pm, billmeteor chen <[email protected]> > > >> > > > > > > > wrote: > > > >> > > > > > > > > Is that need to compile the kernel? > > > >> > > > > > > > > How to do that by your steps? > > > >> > > > > > > > > Can I work it on the HTC phone? > > > >> > > > > > > > > On 11月6日, 下午7時12分, Earlence <[email protected]> > > >> > > > > > > > > wrote: > > > >> > > > > > > > > > correct. > > >> > > > > > > > > > that option should be configured, along with other > > >> > > > > > > > > > extensions you may > > >> > > > > > > > > > need. > > > >> > > > > > > > > > Cheers, > > >> > > > > > > > > > Earlence > > > >> > > > > > > > > > On Nov 6, 6:04 am, "[email protected]" > > >> > > > > > > > > > <[email protected]> > > >> > > > > > > > > > wrote: > > > >> > > > > > > > > > > Is that because the linux kernel was not compiled > > >> > > > > > > > > > > with > > >> > > > > > > > > > > CONFIG_NETFILTER_XT_MATCH_OWNER option so that the > > >> > > > > > > > > > > netfilter cannot do > > >> > > > > > > > > > > anything with OWNER option ? > > > >> > > > > > > > > > > Wilson > > > >> > > > > > > > > > > 2010/11/6 billmeteor chen <[email protected]> > > > >> > > > > > > > > > > > Can you tell me how to solve this problem? > > > >> > > > > > > > > > > > FIX ME! implement getprotobynumber() > > >> > > > > > > > > > > > bionic/libc/bionic/stubs.c:384 > > > >> > > > > > > > > > > > I have the same problem like this. > > > >> > > > > > > > > > > > On 11月6日, 上午3時00分, Earlence > > >> > > > > > > > > > > > <[email protected]> wrote: > > >> > > > > > > > > > > > > I got it! > > > >> > > > > > > > > > > > > a crucial netfilter config was missing > > > >> > > > > > > > > > > > > CONFIG_NETFILTER_XT_MATCH_OWNER=m > > > >> > > > > > > > > > > > > Once that was in, everything worked like a charm! > > > >> > > > > > > > > > > > > Cheers, > > >> > > > > > > > > > > > > Earlence > > > >> > > > > > > > > > > > > On Nov 4, 8:03 pm, Earlence > > >> > > > > > > > > > > > > <[email protected]> wrote: > > > >> > > > > > > > > > > > > > Hi, > > > >> > > > > > > > > > > > > > I modified the goldfish defconfig to allow > > >> > > > > > > > > > > > > > netfilter support. > > >> > > > > > > > > > > > > > I also built the full AOSP. > > >> > > > > > > > > > > > > > The emulator boots with the new kernel and > > >> > > > > > > > > > > > > > system image. > > > >> > > > > > > > > > > > > > when I run "iptables -L", I get a 2 entires > > >> > > > > > > > > > > > > > (input, output, forward) > > >> > > > > > > > > > > > > > with no rules configured. > > > >> > > > > > > > > > > > > > So, the compilation was okay. > > >> > > > > > > > > > > > > > when I run this: > > > >> > > > > > > > > > > > > > iptables -A OUTPUT -m owner --uid-owner 10001 > > > >> > > > > > > > > > > > > > I get the message "No chain/target/match by > > >> > > > > > > > > > > > > > that name" > > >> > > > > > > > > > > > > > Why is this so? > > > >> > > > > > > > > > > > > > also, when I run something like: > > >> > > > > > > > > > > > > > iptables -A INPUT -p tcp --dport 80 -j ACCEPT > > > >> > > > > > > > > > > > > > the output is: > > >> > > > > > > > > > > > > > FIX ME! implement getprotobynumber() > > >> > > > > > > > > > > > > > bionic/libc/bionic/stubs.c:384 > > > >> > > > > > > > > > > > > > but the rule gets added and iptables -L > > >> > > > > > > > > > > > > > returns: > > > >> > > > > > > > > > > > > > Chain INPUT (policy ACCEPT) > > >> > > > > > > > > > > > > > target prot opt source > > >> > > > > > > > > > > > > > destination > > >> > > > > > > > > > > > > > FIX ME! implement getprotobynumber() > > >> > > > > > > > > > > > > > bionic/libc/bionic/stubs.c:384 > > >> > > > > > > > > > > > > > ACCEPT tcp -- anywhere > > >> > > > > > > > > > > > > > anywhere tcp > > >> > > > > > > > > > > > > > dpt:www > > > >> > > > > > > > > > > > > > Chain FORWARD (policy ACCEPT) > > >> > > > > > > > > > > > > > target prot opt source > > >> > > > > > > > > > > > > > destination > > > >> > > > > > > > > > > > > > Chain OUTPUT (policy ACCEPT) > > >> > > > > > > > > > > > > > target prot opt source > > >> > > > > > > > > > > > > > destination > > > >> > > > > > > > > > > > > > Help me out with this! > > > >> > > > > > > > > > > > > > Cheers, > > >> > > > > > > > > > > > > > Earlence- 隱藏被引用文字 - > > > >> > > > > > > > > > > > > - 顯示被引用文字 - > > > >> > > > > > > > > > > > -- > > >> > > > > > > > > > > > unsubscribe: > > >> > > > > > > > > > > > [email protected]<android-kernel%[email protected]> > > ... > > read more >> -- unsubscribe: [email protected] website: http://groups.google.com/group/android-kernel
