On 03/16/2011 09:21 AM, Ben Greear wrote:
On 03/16/2011 07:30 AM, [email protected] wrote:
Dear Ben Greear:
I have edited the files, like the file 1.82-ct/xorp/errata:
include/linux/netfilter_ipv6/ip6_tables.h
include/linux/netfilter_ipv4/ip_tables.h
make core, but the firewall does not work.
root@router# set firewall rule4 100 action drop
[edit]
root@router# commit
Commit Failed
102 Command failed No firewall plugin to set the entries
[edit]
root@router#
......
router:/usr/src/linux-source-2.6.26# uname -a
Linux router 2.6.26-dacheng #1 SMP Wed Mar 16 12:39:27 EDT 2011 i686 GNU/Linux
router:/usr/src/linux-source-2.6.26#
Please post a patch for what you did change.
I haven't done any testing on the firewall logic, and it would
not surprise me if it's broken. Maybe I'll have time to look
at it after I get the 1.8.3 release done.
The firewall plugin is in the xorp/fea directory, so you might
start looking there.
This is probably the root of the problem:
Checking for C header file pcap-bpf.h... (cached) yes
WARNING: Netfilter include files are broken or do not exist.
This means the Linux firewall support will not be compiled in.
To fix, you may edit: /usr/include/linux/netfilter_ipv4/ip_tables.h
line 222 or so, to look like this:
/* Helper functions */
static __inline__ struct ipt_entry_target *
ipt_get_target(struct ipt_entry *e)
{
    /* BEN: Was void* */
    return (struct ipt_entry_target *)((char*)e + e->target_offset);
}
You will also want to edit similar code around line 282 of:
/usr/include/linux/netfilter_ipv6/ip6_tables.h
Check your 'scons' build output to see if you have that warning.
Thanks,
Ben
--
Ben Greear <[email protected]>
Candela Technologies Inc http://www.candelatech.com