Compilação do Kernel GNU/Debian5 com layer7
Consegui finalmente compilar com sucesso o kernel e o iptables e ativar o layer7. O erro que estava cometendo está relacionado à forma como estava compilando. O sucesso na compilação foi conseguido graças a dica do Rodrigo e a pesquisa no site do Layer7 (http://l7-filter.sourceforge.net). O documento Kernel HOWTO diz que eu só tenho que executar "chmod +x extensions/.layer7-test", "make KERNEL_DIR=/path/to/patched/kernel_source" e "make install KERNEL_DIR=/path/to/patched/kernel_source" em versões do iptables menores que 1.4.1. Curiosamente o mesmo documento pede para não se usar o iptables 1.4.1 com os seguintes dizeres "Não há razão para isto e é difícil de compilar". Já para as versões do iptables 1.4.1.1 e novas as diretivas para compilação são outras, como segue abaixo: Copiar libxt_layer7.c e libxt_layer7.man (do subdiretório do pacote "Layer 7 patches" do qual o README (que não existe no iptables 1.4.3.2 o qual estou usando) aponta para você, para o diretório extensions/ do source do iptables. "./configure --with-ksource=/path/to/patched/kernel_source" (use o caminho completo) "make" "make install" (como root) Mas, nem tudo são flores. Após tudo isto, quando tento usar o iptables compilado e tento aplicar as regras do Layer7, recebo mensagens de erro: g49655:~/layer.7/iptables-1.4.3.2# iptables -A INPUT -m layer7 --l7proto msnmessenger -j DROP /usr/local/libexec/xtables/libxt_layer7.so: /usr/local/libexec/xtables/libxt_layer7.so: undefined symbol: exit_error iptables v1.4.3.2: Couldn't load match `layer7':/usr/local/libexec/xtables/libipt_layer7.so: cannot open shared object file: No such file or directory Try `iptables -h' or 'iptables --help' for more information. Creio que o erro acima, embora tanto a compilação do kernel quanto do iptables tenham transcorridos normalmente, tenha a ver com opções escolhidas na compilação do kernel ou algum detalhe do iptables. Assim que tiver alguma novidade, comentarei. Obrigado pelo apoio e se alguem observar alguma coisa, por favor, diga! -- To UNSUBSCRIBE, email to debian-user-portuguese-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Re: Compilação do Kernel GNU/Debian5 com layer7
Me desculpe mas acho que fui mal entendido. Nao quis em momento algum passar um tom alterado. So estava fazendo uma pergunta. Recentemente houve uma mudanca na API do netfilter e o desenvolvedor vai publicar um patch acredito que essa semana, mas acredito que esse patch ira corrigir outros problemas que o layer7 esta tendo em relacao ao kernel 2.6.26 e Iptables 1.4.3.1,.4.3 etc. A proposito, o ./configure voce utilizou o ksource, correto? Tenta dar um locate nessa header, pois acho que eh alguma coisa relacionada a nao localizacao dos headers.. verifica se essa header existe no seu sistema aonde esta.. talvez seja a falta da especificacao de algum parametro na hora da compilacao. BA 2009/4/22 > Não sei se entendi bem o seu questionamento, mas a falta do header é de > responsabilidade do mantenedor do source (no caso layer7). Se o ./configure > não > apontou erro algum, é sinal que tudo está pronto para a compilação. Uma vez > que > descompactei o fonte do iptables e apliquei o patch do netfilter layer 7 > para o > iptables, eu esperava que as coisas funcionassem um pouco mais > "automáticas". > Faço da sua pergunta a minha também, Cade o header? > > Rodrigo Escobar escreveu: > > Cade o header pra poder compilar sem erros?! > > > > libipt_layer7.c:27:39: warning: linux/netfilter/xt_layer7.h: Arquivo ou > diretório > > não encontrado > > > > -- > To UNSUBSCRIBE, email to debian-user-portuguese-requ...@lists.debian.org > with a subject of "unsubscribe". Trouble? Contact > listmas...@lists.debian.org > >
Re: Compilação do Kernel GNU/Debian5 com layer7
Não sei se entendi bem o seu questionamento, mas a falta do header é de responsabilidade do mantenedor do source (no caso layer7). Se o ./configure não apontou erro algum, é sinal que tudo está pronto para a compilação. Uma vez que descompactei o fonte do iptables e apliquei o patch do netfilter layer 7 para o iptables, eu esperava que as coisas funcionassem um pouco mais "automáticas". Faço da sua pergunta a minha também, Cade o header? Rodrigo Escobar escreveu: > Cade o header pra poder compilar sem erros?! > > libipt_layer7.c:27:39: warning: linux/netfilter/xt_layer7.h: Arquivo ou > diretório > não encontrado -- To UNSUBSCRIBE, email to debian-user-portuguese-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Re: Compilação do Kernel GNU/Debian5 com layer7
quarta, 22 de abril de 2009, Rodrigo Escobar escreveu: >desculpa pelas cores.. nao queria que fosse o fundo e sim a letra.. > >On Wed, Apr 22, 2009 at 5:05 PM, Rodrigo Escobar >wrote: > >> Cade o header pra poder compilar sem erros?! >> >> libipt_layer7.c:27:39: warning: linux/netfilter/xt_layer7.h: Arquivo >> ou diretório >> não encontrado >> Acho que o colega estava perguntando sobre a mensagem de erro acima. [...] Abraço, -- Gunther Furtado gunfurt...@gmail.com -- To UNSUBSCRIBE, email to debian-user-portuguese-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Re: Compilação do Kernel GNU/Debian5 com layer7
desculpa pelas cores.. nao queria que fosse o fundo e sim a letra.. On Wed, Apr 22, 2009 at 5:05 PM, Rodrigo Escobar wrote: > Cade o header pra poder compilar sem erros?! > > libipt_layer7.c:27:39: warning: linux/netfilter/xt_layer7.h: Arquivo ou > diretório > não encontrado > > On Wed, Apr 22, 2009 at 3:58 PM, wrote: > >> Estou compilando o kernel 2.6.26 com suporte ao layer 7. A compilação do >> kernel >> foi fácil, sem nenhum problema, mas, quando tento compilar o >> iptables-1.4.3 com >> o patch do layer 7, ele não conclui, apresentado os erros que seguem >> abaixo: >> >> g49655:~/layer.7/iptables-1.4.3# make >> KERNEL_DIR=/usr/src/linux-source-2.6.26 >> BINDIR=/sbin LIBDIR=/lib >> make all-recursive >> make[1]: Entrando no diretório `/root/layer.7/iptables-1.4.3' >> Making all in extensions >> make[2]: Entrando no diretório `/root/layer.7/iptables-1.4.3/extensions' >> GEN matches4.man >> GEN matches6.man >> GEN targets4.man >> GEN targets6.man >> CC libipt_layer7.oo >> libipt_layer7.c:27:39: warning: linux/netfilter/xt_layer7.h: Arquivo ou >> diretório >> não encontrado >> libipt_layer7.c:52: warning: ‘struct xt_layer7_info’ declared inside >> parameter list >> libipt_layer7.c:52: warning: its scope is only this definition or >> declaration, >> which >> is probably not what you want >> libipt_layer7.c:52: warning: no previous prototype for >> ‘parse_protocol_file’ >> libipt_layer7.c: In function ‘parse_protocol_file’: >> libipt_layer7.c:55: warning: declaration of ‘line’ shadows a global >> declaration >> ../include/iptables/internal.h:11: warning: shadowed declaration is here >> libipt_layer7.c:92: warning: implicit declaration of function ‘exit_error’ >> libipt_layer7.c:96: error: ‘MAX_PROTOCOL_LEN’ undeclared (first use in >> this >> function) >> libipt_layer7.c:96: error: (Each undeclared identifier is reported only >> once >> libipt_layer7.c:96: error: for each function it appears in.) >> libipt_layer7.c:99: error: dereferencing pointer to incomplete type >> libipt_layer7.c:105: error: ‘MAX_PATTERN_LEN’ undeclared (first use in >> this >> function) >> libipt_layer7.c:107: error: dereferencing pointer to incomplete type >> libipt_layer7.c: In function ‘pre_process’: >> libipt_layer7.c:152: warning: declaration of ‘rindex’ shadows a global >> declaration >> /usr/include/string.h:313: warning: shadowed declaration is here >> libipt_layer7.c: At top level: >> libipt_layer7.c:205: warning: no previous prototype for ‘readl7dir’ >> libipt_layer7.c:260: warning: ‘struct xt_layer7_info’ declared inside >> parameter >> list >> libipt_layer7.c: In function ‘parse_layer7_protocol’: >> libipt_layer7.c:287: warning: passing argument 3 of ‘parse_protocol_file’ >> from >> incompatible pointer type >> libipt_layer7.c:305: error: dereferencing pointer to incomplete type >> libipt_layer7.c:305: error: dereferencing pointer to incomplete type >> libipt_layer7.c:305: error: ‘MAX_PATTERN_LEN’ undeclared (first use in >> this >> function) >> libipt_layer7.c: In function ‘parse’: >> libipt_layer7.c:317: warning: implicit declaration of function >> ‘check_inverse’ >> libipt_layer7.c:318: warning: passing argument 2 of >> ‘parse_layer7_protocol’ from >> incompatible pointer type >> libipt_layer7.c:320: error: dereferencing pointer to incomplete type >> libipt_layer7.c: In function ‘print’: >> libipt_layer7.c:365: error: dereferencing pointer to incomplete type >> libipt_layer7.c:366: error: dereferencing pointer to incomplete type >> libipt_layer7.c: In function ‘save’: >> libipt_layer7.c:374: error: dereferencing pointer to incomplete type >> libipt_layer7.c:374: error: dereferencing pointer to incomplete type >> libipt_layer7.c: At top level: >> libipt_layer7.c:377: error: variable ‘layer7’ has initializer but >> incomplete type >> libipt_layer7.c:378: error: unknown field ‘name’ specified in initializer >> libipt_layer7.c:378: warning: excess elements in struct initializer >> libipt_layer7.c:378: warning: (near initialization for ‘layer7’) >> libipt_layer7.c:379: error: unknown field ‘version’ specified in >> initializer >> libipt_layer7.c:379: warning: excess elements in struct initializer >> libipt_layer7.c:379: warning: (near initialization for ‘layer7’) >> libipt_layer7.c:380: error: unknown field ‘size’ specified in initializer >> libipt_layer7.c:380: error: invalid application of ‘sizeof’ to incomplete >> type >> ‘struct xt_layer7_info’ >> libipt_layer7.c:380: warning: excess elements in struct initializer >> libipt_layer7.c:380: warning: (near initialization for ‘layer7’) >> libipt_layer7.c:381: error: unknown field ‘userspacesize’ specified in >> initializer >> libipt_layer7.c:381: error: invalid application of ‘sizeof’ to incomplete >> type >> ‘struct xt_layer7_info’ >> libipt_layer7.c:381: warning: excess elements in struct initializer >> libipt_layer7.c:381: warning: (near initialization for ‘layer7’) >> libipt_layer7.c:382: error: unknown field ‘help’ specified in initiali
Re: Compilação do Kernel GNU/Debian5 com layer7
Cade o header pra poder compilar sem erros?! libipt_layer7.c:27:39: warning: linux/netfilter/xt_layer7.h: Arquivo ou diretório não encontrado On Wed, Apr 22, 2009 at 3:58 PM, wrote: > Estou compilando o kernel 2.6.26 com suporte ao layer 7. A compilação do > kernel > foi fácil, sem nenhum problema, mas, quando tento compilar o iptables-1.4.3 > com > o patch do layer 7, ele não conclui, apresentado os erros que seguem > abaixo: > > g49655:~/layer.7/iptables-1.4.3# make > KERNEL_DIR=/usr/src/linux-source-2.6.26 > BINDIR=/sbin LIBDIR=/lib > make all-recursive > make[1]: Entrando no diretório `/root/layer.7/iptables-1.4.3' > Making all in extensions > make[2]: Entrando no diretório `/root/layer.7/iptables-1.4.3/extensions' > GEN matches4.man > GEN matches6.man > GEN targets4.man > GEN targets6.man > CC libipt_layer7.oo > libipt_layer7.c:27:39: warning: linux/netfilter/xt_layer7.h: Arquivo ou > diretório > não encontrado > libipt_layer7.c:52: warning: ‘struct xt_layer7_info’ declared inside > parameter list > libipt_layer7.c:52: warning: its scope is only this definition or > declaration, > which > is probably not what you want > libipt_layer7.c:52: warning: no previous prototype for > ‘parse_protocol_file’ > libipt_layer7.c: In function ‘parse_protocol_file’: > libipt_layer7.c:55: warning: declaration of ‘line’ shadows a global > declaration > ../include/iptables/internal.h:11: warning: shadowed declaration is here > libipt_layer7.c:92: warning: implicit declaration of function ‘exit_error’ > libipt_layer7.c:96: error: ‘MAX_PROTOCOL_LEN’ undeclared (first use in this > function) > libipt_layer7.c:96: error: (Each undeclared identifier is reported only > once > libipt_layer7.c:96: error: for each function it appears in.) > libipt_layer7.c:99: error: dereferencing pointer to incomplete type > libipt_layer7.c:105: error: ‘MAX_PATTERN_LEN’ undeclared (first use in this > function) > libipt_layer7.c:107: error: dereferencing pointer to incomplete type > libipt_layer7.c: In function ‘pre_process’: > libipt_layer7.c:152: warning: declaration of ‘rindex’ shadows a global > declaration > /usr/include/string.h:313: warning: shadowed declaration is here > libipt_layer7.c: At top level: > libipt_layer7.c:205: warning: no previous prototype for ‘readl7dir’ > libipt_layer7.c:260: warning: ‘struct xt_layer7_info’ declared inside > parameter > list > libipt_layer7.c: In function ‘parse_layer7_protocol’: > libipt_layer7.c:287: warning: passing argument 3 of ‘parse_protocol_file’ > from > incompatible pointer type > libipt_layer7.c:305: error: dereferencing pointer to incomplete type > libipt_layer7.c:305: error: dereferencing pointer to incomplete type > libipt_layer7.c:305: error: ‘MAX_PATTERN_LEN’ undeclared (first use in this > function) > libipt_layer7.c: In function ‘parse’: > libipt_layer7.c:317: warning: implicit declaration of function > ‘check_inverse’ > libipt_layer7.c:318: warning: passing argument 2 of ‘parse_layer7_protocol’ > from > incompatible pointer type > libipt_layer7.c:320: error: dereferencing pointer to incomplete type > libipt_layer7.c: In function ‘print’: > libipt_layer7.c:365: error: dereferencing pointer to incomplete type > libipt_layer7.c:366: error: dereferencing pointer to incomplete type > libipt_layer7.c: In function ‘save’: > libipt_layer7.c:374: error: dereferencing pointer to incomplete type > libipt_layer7.c:374: error: dereferencing pointer to incomplete type > libipt_layer7.c: At top level: > libipt_layer7.c:377: error: variable ‘layer7’ has initializer but > incomplete type > libipt_layer7.c:378: error: unknown field ‘name’ specified in initializer > libipt_layer7.c:378: warning: excess elements in struct initializer > libipt_layer7.c:378: warning: (near initialization for ‘layer7’) > libipt_layer7.c:379: error: unknown field ‘version’ specified in > initializer > libipt_layer7.c:379: warning: excess elements in struct initializer > libipt_layer7.c:379: warning: (near initialization for ‘layer7’) > libipt_layer7.c:380: error: unknown field ‘size’ specified in initializer > libipt_layer7.c:380: error: invalid application of ‘sizeof’ to incomplete > type > ‘struct xt_layer7_info’ > libipt_layer7.c:380: warning: excess elements in struct initializer > libipt_layer7.c:380: warning: (near initialization for ‘layer7’) > libipt_layer7.c:381: error: unknown field ‘userspacesize’ specified in > initializer > libipt_layer7.c:381: error: invalid application of ‘sizeof’ to incomplete > type > ‘struct xt_layer7_info’ > libipt_layer7.c:381: warning: excess elements in struct initializer > libipt_layer7.c:381: warning: (near initialization for ‘layer7’) > libipt_layer7.c:382: error: unknown field ‘help’ specified in initializer > libipt_layer7.c:382: warning: excess elements in struct initializer > libipt_layer7.c:382: warning: (near initialization for ‘layer7’) > libipt_layer7.c:383: error: unknown field ‘parse’ specified in initializer > libipt_layer7.c:383: warnin
Compilação do Kernel GNU/Debian5 com layer7
Estou compilando o kernel 2.6.26 com suporte ao layer 7. A compilação do kernel foi fácil, sem nenhum problema, mas, quando tento compilar o iptables-1.4.3 com o patch do layer 7, ele não conclui, apresentado os erros que seguem abaixo: g49655:~/layer.7/iptables-1.4.3# make KERNEL_DIR=/usr/src/linux-source-2.6.26 BINDIR=/sbin LIBDIR=/lib make all-recursive make[1]: Entrando no diretório `/root/layer.7/iptables-1.4.3' Making all in extensions make[2]: Entrando no diretório `/root/layer.7/iptables-1.4.3/extensions' GEN matches4.man GEN matches6.man GEN targets4.man GEN targets6.man CC libipt_layer7.oo libipt_layer7.c:27:39: warning: linux/netfilter/xt_layer7.h: Arquivo ou diretório não encontrado libipt_layer7.c:52: warning: struct xt_layer7_info declared inside parameter list libipt_layer7.c:52: warning: its scope is only this definition or declaration, which is probably not what you want libipt_layer7.c:52: warning: no previous prototype for parse_protocol_file libipt_layer7.c: In function parse_protocol_file: libipt_layer7.c:55: warning: declaration of line shadows a global declaration ../include/iptables/internal.h:11: warning: shadowed declaration is here libipt_layer7.c:92: warning: implicit declaration of function exit_error libipt_layer7.c:96: error: MAX_PROTOCOL_LEN undeclared (first use in this function) libipt_layer7.c:96: error: (Each undeclared identifier is reported only once libipt_layer7.c:96: error: for each function it appears in.) libipt_layer7.c:99: error: dereferencing pointer to incomplete type libipt_layer7.c:105: error: MAX_PATTERN_LEN undeclared (first use in this function) libipt_layer7.c:107: error: dereferencing pointer to incomplete type libipt_layer7.c: In function pre_process: libipt_layer7.c:152: warning: declaration of rindex shadows a global declaration /usr/include/string.h:313: warning: shadowed declaration is here libipt_layer7.c: At top level: libipt_layer7.c:205: warning: no previous prototype for readl7dir libipt_layer7.c:260: warning: struct xt_layer7_info declared inside parameter list libipt_layer7.c: In function parse_layer7_protocol: libipt_layer7.c:287: warning: passing argument 3 of parse_protocol_file from incompatible pointer type libipt_layer7.c:305: error: dereferencing pointer to incomplete type libipt_layer7.c:305: error: dereferencing pointer to incomplete type libipt_layer7.c:305: error: MAX_PATTERN_LEN undeclared (first use in this function) libipt_layer7.c: In function parse: libipt_layer7.c:317: warning: implicit declaration of function check_inverse libipt_layer7.c:318: warning: passing argument 2 of parse_layer7_protocol from incompatible pointer type libipt_layer7.c:320: error: dereferencing pointer to incomplete type libipt_layer7.c: In function print: libipt_layer7.c:365: error: dereferencing pointer to incomplete type libipt_layer7.c:366: error: dereferencing pointer to incomplete type libipt_layer7.c: In function save: libipt_layer7.c:374: error: dereferencing pointer to incomplete type libipt_layer7.c:374: error: dereferencing pointer to incomplete type libipt_layer7.c: At top level: libipt_layer7.c:377: error: variable layer7 has initializer but incomplete type libipt_layer7.c:378: error: unknown field name specified in initializer libipt_layer7.c:378: warning: excess elements in struct initializer libipt_layer7.c:378: warning: (near initialization for layer7) libipt_layer7.c:379: error: unknown field version specified in initializer libipt_layer7.c:379: warning: excess elements in struct initializer libipt_layer7.c:379: warning: (near initialization for layer7) libipt_layer7.c:380: error: unknown field size specified in initializer libipt_layer7.c:380: error: invalid application of sizeof to incomplete type struct xt_layer7_info libipt_layer7.c:380: warning: excess elements in struct initializer libipt_layer7.c:380: warning: (near initialization for layer7) libipt_layer7.c:381: error: unknown field userspacesize specified in initializer libipt_layer7.c:381: error: invalid application of sizeof to incomplete type struct xt_layer7_info libipt_layer7.c:381: warning: excess elements in struct initializer libipt_layer7.c:381: warning: (near initialization for layer7) libipt_layer7.c:382: error: unknown field help specified in initializer libipt_layer7.c:382: warning: excess elements in struct initializer libipt_layer7.c:382: warning: (near initialization for layer7) libipt_layer7.c:383: error: unknown field parse specified in initializer libipt_layer7.c:383: warning: excess elements in struct initializer libipt_layer7.c:383: warning: (near initialization for layer7) libipt_layer7.c:384: error: unknown field final_check specified in initializer libipt_layer7.c:384: warning: excess elements in struct initializer libipt_layer7.c:384: warning: (near initialization for layer7) libipt_layer7.c:385: error: unknown field print specifie