Menu
▾
▴
iptperl-general — General discussion list for IPTables::IPv4 module
You can subscribe to this list here.
| 2003 |
Jan
|
Feb
|
Mar
|
Apr
(1) |
May
(3) |
Jun
(5) |
Jul
|
Aug
(2) |
Sep
|
Oct
(2) |
Nov
|
Dec
(1) |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2004 |
Jan
(2) |
Feb
|
Mar
|
Apr
|
May
(3) |
Jun
|
Jul
(10) |
Aug
(4) |
Sep
(3) |
Oct
|
Nov
|
Dec
|
| 2005 |
Jan
|
Feb
|
Mar
|
Apr
|
May
(5) |
Jun
|
Jul
|
Aug
(1) |
Sep
|
Oct
|
Nov
|
Dec
|
| 2006 |
Jan
(1) |
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
(1) |
Oct
|
Nov
|
Dec
|
| 2007 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
(2) |
Oct
|
Nov
|
Dec
|
| 2008 |
Jan
|
Feb
|
Mar
|
Apr
|
May
(4) |
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
| 2009 |
Jan
|
Feb
|
Mar
|
Apr
(3) |
May
|
Jun
(1) |
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
|
From: William P. <wl...@wi...> - 2009-06-10 02:55:37
|
I have IPTables::IPv4 running on several machines in my network. I just tried to add the modules to my "cindy" box and ran into a number of compile errors. [root@cindy IPTables-IPv4-0.98]# perl Makefile.PL Checking if your kit is complete... Looks good Writing Makefile for IPTables::IPv4 [root@cindy IPTables-IPv4-0.98]# make cp IPv4/TableTie.pm blib/lib/IPTables/IPv4/TableTie.pm cp IPv4/Chain.pm blib/lib/IPTables/IPv4/Chain.pm cp IPv4.pm blib/lib/IPTables/IPv4.pm AutoSplitting blib/lib/IPTables/IPv4.pm (blib/lib/auto/IPTables/IPv4) cp IPv6.pm blib/lib/IPTables/IPv6.pm AutoSplitting blib/lib/IPTables/IPv6.pm (blib/lib/auto/IPTables/IPv6) cp IPv4/Toplevel.pm blib/lib/IPTables/IPv4/Toplevel.pm cp IPv4/Rule.pm blib/lib/IPTables/IPv4/Rule.pm cp IPv4/RuleList.pm blib/lib/IPTables/IPv4/RuleList.pm /usr/bin/perl /usr/lib/perl5/5.10.0/ExtUtils/xsubpp -noprototypes -typemap /usr/lib/perl5/5.10.0/ExtUtils/typemap -typemap IPTables.typemap IPv4.xs > IPv4.xsc && mv IPv4.xsc IPv4.c gcc -c -Iinclude -I/usr/src/linux/include -Wall -DMODULE_PATH=\"/usr/local/lib/IPTables-IPv4\" -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m32 -march=i386 -mtune=generic -fasynchronous-unwind-tables -DPERL_USE_SAFE_PUTENV -DVERSION=\"0.98\" -DXS_VERSION=\"0.98\" -fPIC "-I/usr/lib/perl5/5.10.0/i386-linux-thread-multi/CORE" IPv4.c IPv4.c: In function ‘XS_IPTables__IPv4__Table_get_policy’: IPv4.xs:136: warning: ignoring return value of ‘asprintf’, declared with attribute warn_unused_result IPv4.xs:139: warning: ignoring return value of ‘asprintf’, declared with attribute warn_unused_result IPv4.xs: In function ‘XS_IPTables__IPv4__Table_get_references’: IPv4.xs:379: warning: pointer targets in passing argument 1 of ‘iptc_get_references’ differ in signedness gcc -c -Iinclude -I/usr/src/linux/include -Wall -DMODULE_PATH=\"/usr/local/lib/IPTables-IPv4\" -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m32 -march=i386 -mtune=generic -fasynchronous-unwind-tables -DPERL_USE_SAFE_PUTENV -DVERSION=\"0.98\" -DXS_VERSION=\"0.98\" -fPIC "-I/usr/lib/perl5/5.10.0/i386-linux-thread-multi/CORE" loader.c loader.c: In function ‘find_module_int’: loader.c:108: warning: ignoring return value of ‘asprintf’, declared with attribute warn_unused_result gcc -c -Iinclude -I/usr/src/linux/include -Wall -DMODULE_PATH=\"/usr/local/lib/IPTables-IPv4\" -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m32 -march=i386 -mtune=generic -fasynchronous-unwind-tables -DPERL_USE_SAFE_PUTENV -DVERSION=\"0.98\" -DXS_VERSION=\"0.98\" -fPIC "-I/usr/lib/perl5/5.10.0/i386-linux-thread-multi/CORE" packer.c packer.c: In function ‘ipt_do_pack’: packer.c:249: warning: ignoring return value of ‘asprintf’, declared with attribute warn_unused_result packer.c:310: warning: ignoring return value of ‘asprintf’, declared with attribute warn_unused_result packer.c:372: warning: ignoring return value of ‘asprintf’, declared with attribute warn_unused_result packer.c:542: warning: ignoring return value of ‘asprintf’, declared with attribute warn_unused_result packer.c:558: warning: ignoring return value of ‘asprintf’, declared with attribute warn_unused_result gcc -c -Iinclude -I/usr/src/linux/include -Wall -DMODULE_PATH=\"/usr/local/lib/IPTables-IPv4\" -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m32 -march=i386 -mtune=generic -fasynchronous-unwind-tables -DPERL_USE_SAFE_PUTENV -DVERSION=\"0.98\" -DXS_VERSION=\"0.98\" -fPIC "-I/usr/lib/perl5/5.10.0/i386-linux-thread-multi/CORE" unpacker.c unpacker.c: In function ‘addr_and_mask_to_sv’: unpacker.c:92: warning: ignoring return value of ‘asprintf’, declared with attribute warn_unused_result unpacker.c:95: warning: ignoring return value of ‘asprintf’, declared with attribute warn_unused_result unpacker.c:101: warning: ignoring return value of ‘asprintf’, declared with attribute warn_unused_result unpacker.c: In function ‘ipt_do_unpack’: unpacker.c:132: warning: value computed is not used unpacker.c:139: warning: value computed is not used unpacker.c:150: warning: value computed is not used unpacker.c:162: warning: value computed is not used unpacker.c:189: warning: value computed is not used unpacker.c:195: warning: value computed is not used unpacker.c:204: warning: value computed is not used unpacker.c:217: warning: value computed is not used unpacker.c:252: warning: value computed is not used unpacker.c:261: warning: value computed is not used unpacker.c:265: warning: value computed is not used unpacker.c:268: warning: value computed is not used unpacker.c:146: warning: ignoring return value of ‘asprintf’, declared with attribute warn_unused_result unpacker.c:158: warning: ignoring return value of ‘asprintf’, declared with attribute warn_unused_result unpacker.c:173: warning: ignoring return value of ‘asprintf’, declared with attribute warn_unused_result unpacker.c:183: warning: ignoring return value of ‘asprintf’, declared with attribute warn_unused_result unpacker.c:214: warning: ignoring return value of ‘asprintf’, declared with attribute warn_unused_result unpacker.c:249: warning: ignoring return value of ‘asprintf’, declared with attribute warn_unused_result unpacker.c:264: warning: ignoring return value of ‘asprintf’, declared with attribute warn_unused_result unpacker.c:267: warning: ignoring return value of ‘asprintf’, declared with attribute warn_unused_result gcc -c -Iinclude -I/usr/src/linux/include -Wall -DMODULE_PATH=\"/usr/local/lib/IPTables-IPv4\" -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m32 -march=i386 -mtune=generic -fasynchronous-unwind-tables -DPERL_USE_SAFE_PUTENV -DVERSION=\"0.98\" -DXS_VERSION=\"0.98\" -fPIC "-I/usr/lib/perl5/5.10.0/i386-linux-thread-multi/CORE" maskgen.c make -C libiptc/ all make[1]: Entering directory `/root/Download/IPTables-IPv4-0.98/libiptc' gcc -o libip4tc.o -c libip4tc.c -I../include -I/usr/src/linux/include -DIPTABLES_VERSION=\"1.2.8\" -O2 -Wall In file included from libip4tc.c:117: libiptc.c: In function ‘iptc_init’: libiptc.c:312: warning: pointer targets in passing argument 5 of ‘getsockopt’ differ in signedness gcc -o libip6tc.o -c libip6tc.c -I../include -I/usr/src/linux/include -DIPTABLES_VERSION=\"1.2.8\" -O2 -Wall In file included from libip6tc.c:112: libiptc.c: In function ‘ip6tc_init’: libiptc.c:312: warning: pointer targets in passing argument 5 of ‘getsockopt’ differ in signedness libip6tc.c: In function ‘ipv6_prefix_length’: libip6tc.c:121: error: ‘const struct in6_addr’ has no member named ‘in6_u’ libip6tc.c:125: error: ‘const struct in6_addr’ has no member named ‘in6_u’ make[1]: *** [libip6tc.o] Error 1 make[1]: Leaving directory `/root/Download/IPTables-IPv4-0.98/libiptc' make: *** [libiptc/libiptc.a] Error 2 Can any kind person help me? -- William Perry |
|
From: Victor S. <vi...@vi...> - 2009-04-29 11:05:30
|
Jan Kratochvil пишет:
> On Wed, 29 Apr 2009 11:46:07 +0200, Victor Safronov wrote:
>
>> This code gives me "pcntjumpbcnt" repeated n times, where n is rules
>> amount in that chain.
>>
>
> And what rules do you have in the "billing" chain?
>
> For filter->INPUT I get these keys:
> bcnt
> destination
> destination-port
> destination-ports
> in-interface
> jump
> mark
> matches
> pcnt
> protocol
> reject-with
> source
> source-port
>
> You may rather want to use there:
> print join ",",keys(%{$_});
>
>
> Regards,
> Jan
>
I have two rules.
[root@ns2 bin]# iptables -nvL billing
Chain billing (0 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 10.20.1.1 0.0.0.0/0
0 0 ACCEPT all -- * * 0.0.0.0/0 10.20.1.1
|
|
From: Jan K. <la...@ja...> - 2009-04-29 10:16:04
|
On Wed, 29 Apr 2009 11:46:07 +0200, Victor Safronov wrote:
> This code gives me "pcntjumpbcnt" repeated n times, where n is rules
> amount in that chain.
And what rules do you have in the "billing" chain?
For filter->INPUT I get these keys:
bcnt
destination
destination-port
destination-ports
in-interface
jump
mark
matches
pcnt
protocol
reject-with
source
source-port
You may rather want to use there:
print join ",",keys(%{$_});
Regards,
Jan
|
|
From: Victor S. <vi...@vi...> - 2009-04-29 09:46:25
|
I've got a problem with function list_rules. There are only pcnt, jump
and bcnt keys in hashes. I have no desired source, destination, etc. at
all. Where is the problem?
my $table = IPTables::IPv4::init('filter');
my @rules = $table->list_rules('billing');
foreach (@rules) {
print keys %{$_};
print "\n";
}
This code gives me "pcntjumpbcnt" repeated n times, where n is rules
amount in that chain.
P.S. I am a beginner for two languages - English and Perl :)
|
|
From: Amos S. <amo...@gm...> - 2008-05-13 13:01:58
|
On Tue, May 13, 2008 at 10:49 PM, Michael Da Silva Pereira < mi...@ib...> wrote: > Hi, > > > > I see there is a xen-headers package for gutsy, but nothing out there for > hardy? > Oops you are right. I searched this on my desktop which is still Gutsy (laptop is at hardy). Have you tried to run "apt-file search"? If worse comes to worst, you can either: 1. Download the linux-source package and enable this module. 2. Download a vanilla linux kernel and create source packages with kernel-kpkg. In any case, this sounds like a Hardy issue, consider filing a bug against hardy's kernel source package and/or asking on ubuntuforums.org. Cheers, --Amos |
|
From: Michael Da S. P. <mi...@ib...> - 2008-05-13 12:49:39
|
Hi,
I see there is a xen-headers package for gutsy, but nothing out there
for hardy?
Thanks,
Mike
_____
From: Amos Shapira [mailto:amo...@gm...]
Sent: 13 May 2008 02:39 PM
To: Michael Da Silva Pereira
Cc: ipt...@li...
Subject: Re: [Iptperl-general] Issues building IPTABLES::IPV4 0.98 on
2.6.24-16 (ubunutu hardy)
On Tue, May 13, 2008 at 10:24 PM, Michael Da Silva Pereira
<mi...@ib...> wrote:
Hi there,
I wonder if anybody else has had these similar problems build the
module on the latest kernels?
"apt-file search ip_nat.h" finds this file in xen-headers-2.6.*
packages. Sounds a bit weird that the xen-headers would contain this
while linux-headers doesn't. Maybe it's related to the fact that
xen-headers are for 2.6.16 and 2.6.19 while linux-headers is for 2.6.22
(bug in linux-headers?)
cc -c -Iinclude -I/usr/src/linux/include -Wall
-DMODULE_PATH=\"/usr/local/lib/IPTables-IPv4\" -O2
-DVERSION=\"0.98\" -DXS_VERSION=\"0.98\" -fPIC
"-I/usr/lib/perl/5.8/CORE" -DINET6 -o unpacker_v6.o unpacker.c
cc -c -Iinclude -I/usr/src/linux/include -Wall
-DMODULE_PATH=\"/usr/local/lib/IPTables-IPv4\" -O2
-DVERSION=\"0.98\" -DXS_VERSION=\"0.98\" -fPIC
"-I/usr/lib/perl/5.8/CORE" -DINET6 -o maskgen_v6.o maskgen.c
rm -f blib/arch/auto/IPTables/IPv6/IPv6.so
LD_RUN_PATH="" cc -shared -L/usr/local/lib IPv6.o loader_v6.o
packer_v6.o unpacker_v6.o maskgen_v6.o libiptc/libiptc.a -o
blib/arch/auto/IPTables/IPv6/IPv6.so
chmod 755 blib/arch/auto/IPTables/IPv6/IPv6.so
Running Mkbootstrap for IPTables::IPv6 ()
chmod 644 IPv6.bs
cp IPv6.bs blib/arch/auto/IPTables/IPv6/IPv6.bs
chmod 644 blib/arch/auto/IPTables/IPv6/IPv6.bs
make -C modules/ all INSTALL_DIR=/usr/local/lib/IPTables-IPv4
make[1]: Entering directory
`/home/michael/IPTables-IPv4-0.98/modules'
gcc -o ipt_pl_icmp.o -c ipt_pl_icmp.c -I/usr/src/linux/include
-I../include -I/usr/lib/perl/5.8/CORE -I.. -Wall -O2 -Wundef
ld -shared -o ipt_pl_icmp.so ipt_pl_icmp.o
gcc -o ipt_pl_tcp.o -c ipt_pl_tcp.c -I/usr/src/linux/include
-I../include -I/usr/lib/perl/5.8/CORE -I.. -Wall -O2 -Wundef
ld -shared -o ipt_pl_tcp.so ipt_pl_tcp.o
gcc -o ipt_pl_udp.o -c ipt_pl_udp.c -I/usr/src/linux/include
-I../include -I/usr/lib/perl/5.8/CORE -I.. -Wall -O2 -Wundef
ld -shared -o ipt_pl_udp.so ipt_pl_udp.o
gcc -o ipt_pl_ah.o -c ipt_pl_ah.c -I/usr/src/linux/include
-I../include -I/usr/lib/perl/5.8/CORE -I.. -Wall -O2 -Wundef
ld -shared -o ipt_pl_ah.so ipt_pl_ah.o
gcc -o ipt_pl_esp.o -c ipt_pl_esp.c -I/usr/src/linux/include
-I../include -I/usr/lib/perl/5.8/CORE -I.. -Wall -O2 -Wundef
ld -shared -o ipt_pl_esp.so ipt_pl_esp.o
gcc -o ipt_pl_DNAT.o -c ipt_pl_DNAT.c -I/usr/src/linux/include
-I../include -I/usr/lib/perl/5.8/CORE -I.. -Wall -O2 -Wundef
ipt_pl_DNAT.c:11:41: error: linux/netfilter_ipv4/ip_nat.h: No such
file or directory
ipt_pl_DNAT.c:20: warning: â declared inside parameter list
ipt_pl_DNAT.c:20: warning: its scope is only this definition or
declaration, which is probably not what you want
ipt_pl_DNAT.c: In function â:
ipt_pl_DNAT.c:32: error: dereferencing pointer to incomplete type
ipt_pl_DNAT.c:32: error: â undeclared (first use in this function)
ipt_pl_DNAT.c:32: error: (Each undeclared identifier is reported only
once
ipt_pl_DNAT.c:32: error: for each function it appears in.)
ipt_pl_DNAT.c:42: error: dereferencing pointer to incomplete type
ipt_pl_DNAT.c:42: error: dereferencing pointer to incomplete type
ipt_pl_DNAT.c:50: error: dereferencing pointer to incomplete type
ipt_pl_DNAT.c:53: error: dereferencing pointer to incomplete type
ipt_pl_DNAT.c:58: error: dereferencing pointer to incomplete type
ipt_pl_DNAT.c:58: error: â undeclared (first use in this function)
ipt_pl_DNAT.c:63: error: dereferencing pointer to incomplete type
ipt_pl_DNAT.c:67: error: dereferencing pointer to incomplete type
ipt_pl_DNAT.c:67: error: dereferencing pointer to incomplete type
ipt_pl_DNAT.c:71: error: dereferencing pointer to incomplete type
ipt_pl_DNAT.c:79: error: dereferencing pointer to incomplete type
ipt_pl_DNAT.c: In function â:
Kind Regards,
Michael da Silva Pereira
---------------------------------------------------------------------
----
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Iptperl-general mailing list
Ipt...@li...
https://lists.sourceforge.net/lists/listinfo/iptperl-general
|
|
From: Amos S. <amo...@gm...> - 2008-05-13 12:39:00
|
On Tue, May 13, 2008 at 10:24 PM, Michael Da Silva Pereira < mi...@ib...> wrote: > Hi there, > > > > I wonder if anybody else has had these similar problems build the module > on the latest kernels? > "apt-file search ip_nat.h" finds this file in xen-headers-2.6.* packages. Sounds a bit weird that the xen-headers would contain this while linux-headers doesn't. Maybe it's related to the fact that xen-headers are for 2.6.16 and 2.6.19 while linux-headers is for 2.6.22 (bug in linux-headers?) > > > > cc -c -Iinclude -I/usr/src/linux/include -Wall > -DMODULE_PATH=\"/usr/local/lib/IPTables-IPv4\" -O2 -DVERSION=\"0.98\" > -DXS_VERSION=\"0.98\" -fPIC "-I/usr/lib/perl/5.8/CORE" -DINET6 -o > unpacker_v6.o unpacker.c > > cc -c -Iinclude -I/usr/src/linux/include -Wall > -DMODULE_PATH=\"/usr/local/lib/IPTables-IPv4\" -O2 -DVERSION=\"0.98\" > -DXS_VERSION=\"0.98\" -fPIC "-I/usr/lib/perl/5.8/CORE" -DINET6 -o > maskgen_v6.o maskgen.c > > rm -f blib/arch/auto/IPTables/IPv6/IPv6.so > > LD_RUN_PATH="" cc -shared -L/usr/local/lib IPv6.o loader_v6.o packer_v6.o > unpacker_v6.o maskgen_v6.o libiptc/libiptc.a -o > blib/arch/auto/IPTables/IPv6/IPv6.so > > chmod 755 blib/arch/auto/IPTables/IPv6/IPv6.so > > Running Mkbootstrap for IPTables::IPv6 () > > chmod 644 IPv6.bs > > cp IPv6.bs blib/arch/auto/IPTables/IPv6/IPv6.bs > > chmod 644 blib/arch/auto/IPTables/IPv6/IPv6.bs > > make -C modules/ all INSTALL_DIR=/usr/local/lib/IPTables-IPv4 > > make[1]: Entering directory `/home/michael/IPTables-IPv4-0.98/modules' > > gcc -o ipt_pl_icmp.o -c ipt_pl_icmp.c -I/usr/src/linux/include > -I../include -I/usr/lib/perl/5.8/CORE -I.. -Wall -O2 -Wundef > > ld -shared -o ipt_pl_icmp.so ipt_pl_icmp.o > > gcc -o ipt_pl_tcp.o -c ipt_pl_tcp.c -I/usr/src/linux/include -I../include > -I/usr/lib/perl/5.8/CORE -I.. -Wall -O2 -Wundef > > ld -shared -o ipt_pl_tcp.so ipt_pl_tcp.o > > gcc -o ipt_pl_udp.o -c ipt_pl_udp.c -I/usr/src/linux/include -I../include > -I/usr/lib/perl/5.8/CORE -I.. -Wall -O2 -Wundef > > ld -shared -o ipt_pl_udp.so ipt_pl_udp.o > > gcc -o ipt_pl_ah.o -c ipt_pl_ah.c -I/usr/src/linux/include -I../include > -I/usr/lib/perl/5.8/CORE -I.. -Wall -O2 -Wundef > > ld -shared -o ipt_pl_ah.so ipt_pl_ah.o > > gcc -o ipt_pl_esp.o -c ipt_pl_esp.c -I/usr/src/linux/include -I../include > -I/usr/lib/perl/5.8/CORE -I.. -Wall -O2 -Wundef > > ld -shared -o ipt_pl_esp.so ipt_pl_esp.o > > gcc -o ipt_pl_DNAT.o -c ipt_pl_DNAT.c -I/usr/src/linux/include > -I../include -I/usr/lib/perl/5.8/CORE -I.. -Wall -O2 -Wundef > > *ipt_pl_DNAT.c:11:41: error: linux/netfilter_ipv4/ip_nat.h: No such file > or directory* > > ipt_pl_DNAT.c:20: warning: â declared inside parameter list > > ipt_pl_DNAT.c:20: warning: its scope is only this definition or > declaration, which is probably not what you want > > ipt_pl_DNAT.c: In function â: > > ipt_pl_DNAT.c:32: error: dereferencing pointer to incomplete type > > ipt_pl_DNAT.c:32: error: â undeclared (first use in this function) > > ipt_pl_DNAT.c:32: error: (Each undeclared identifier is reported only once > > ipt_pl_DNAT.c:32: error: for each function it appears in.) > > ipt_pl_DNAT.c:42: error: dereferencing pointer to incomplete type > > ipt_pl_DNAT.c:42: error: dereferencing pointer to incomplete type > > ipt_pl_DNAT.c:50: error: dereferencing pointer to incomplete type > > ipt_pl_DNAT.c:53: error: dereferencing pointer to incomplete type > > ipt_pl_DNAT.c:58: error: dereferencing pointer to incomplete type > > ipt_pl_DNAT.c:58: error: â undeclared (first use in this function) > > ipt_pl_DNAT.c:63: error: dereferencing pointer to incomplete type > > ipt_pl_DNAT.c:67: error: dereferencing pointer to incomplete type > > ipt_pl_DNAT.c:67: error: dereferencing pointer to incomplete type > > ipt_pl_DNAT.c:71: error: dereferencing pointer to incomplete type > > ipt_pl_DNAT.c:79: error: dereferencing pointer to incomplete type > > ipt_pl_DNAT.c: In function â: > > > > > > Kind Regards, > Michael da Silva Pereira > > > > ------------------------------------------------------------------------- > This SF.net email is sponsored by: Microsoft > Defy all challenges. Microsoft(R) Visual Studio 2008. > http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ > _______________________________________________ > Iptperl-general mailing list > Ipt...@li... > https://lists.sourceforge.net/lists/listinfo/iptperl-general > > |
|
From: Michael Da S. P. <mi...@ib...> - 2008-05-13 12:24:39
|
Hi there, I wonder if anybody else has had these similar problems build the module on the latest kernels? cc -c -Iinclude -I/usr/src/linux/include -Wall -DMODULE_PATH=\"/usr/local/lib/IPTables-IPv4\" -O2 -DVERSION=\"0.98\" -DXS_VERSION=\"0.98\" -fPIC "-I/usr/lib/perl/5.8/CORE" -DINET6 -o unpacker_v6.o unpacker.c cc -c -Iinclude -I/usr/src/linux/include -Wall -DMODULE_PATH=\"/usr/local/lib/IPTables-IPv4\" -O2 -DVERSION=\"0.98\" -DXS_VERSION=\"0.98\" -fPIC "-I/usr/lib/perl/5.8/CORE" -DINET6 -o maskgen_v6.o maskgen.c rm -f blib/arch/auto/IPTables/IPv6/IPv6.so LD_RUN_PATH="" cc -shared -L/usr/local/lib IPv6.o loader_v6.o packer_v6.o unpacker_v6.o maskgen_v6.o libiptc/libiptc.a -o blib/arch/auto/IPTables/IPv6/IPv6.so chmod 755 blib/arch/auto/IPTables/IPv6/IPv6.so Running Mkbootstrap for IPTables::IPv6 () chmod 644 IPv6.bs cp IPv6.bs blib/arch/auto/IPTables/IPv6/IPv6.bs chmod 644 blib/arch/auto/IPTables/IPv6/IPv6.bs make -C modules/ all INSTALL_DIR=/usr/local/lib/IPTables-IPv4 make[1]: Entering directory `/home/michael/IPTables-IPv4-0.98/modules' gcc -o ipt_pl_icmp.o -c ipt_pl_icmp.c -I/usr/src/linux/include -I../include -I/usr/lib/perl/5.8/CORE -I.. -Wall -O2 -Wundef ld -shared -o ipt_pl_icmp.so ipt_pl_icmp.o gcc -o ipt_pl_tcp.o -c ipt_pl_tcp.c -I/usr/src/linux/include -I../include -I/usr/lib/perl/5.8/CORE -I.. -Wall -O2 -Wundef ld -shared -o ipt_pl_tcp.so ipt_pl_tcp.o gcc -o ipt_pl_udp.o -c ipt_pl_udp.c -I/usr/src/linux/include -I../include -I/usr/lib/perl/5.8/CORE -I.. -Wall -O2 -Wundef ld -shared -o ipt_pl_udp.so ipt_pl_udp.o gcc -o ipt_pl_ah.o -c ipt_pl_ah.c -I/usr/src/linux/include -I../include -I/usr/lib/perl/5.8/CORE -I.. -Wall -O2 -Wundef ld -shared -o ipt_pl_ah.so ipt_pl_ah.o gcc -o ipt_pl_esp.o -c ipt_pl_esp.c -I/usr/src/linux/include -I../include -I/usr/lib/perl/5.8/CORE -I.. -Wall -O2 -Wundef ld -shared -o ipt_pl_esp.so ipt_pl_esp.o gcc -o ipt_pl_DNAT.o -c ipt_pl_DNAT.c -I/usr/src/linux/include -I../include -I/usr/lib/perl/5.8/CORE -I.. -Wall -O2 -Wundef ipt_pl_DNAT.c:11:41: error: linux/netfilter_ipv4/ip_nat.h: No such file or directory ipt_pl_DNAT.c:20: warning: â declared inside parameter list ipt_pl_DNAT.c:20: warning: its scope is only this definition or declaration, which is probably not what you want ipt_pl_DNAT.c: In function â: ipt_pl_DNAT.c:32: error: dereferencing pointer to incomplete type ipt_pl_DNAT.c:32: error: â undeclared (first use in this function) ipt_pl_DNAT.c:32: error: (Each undeclared identifier is reported only once ipt_pl_DNAT.c:32: error: for each function it appears in.) ipt_pl_DNAT.c:42: error: dereferencing pointer to incomplete type ipt_pl_DNAT.c:42: error: dereferencing pointer to incomplete type ipt_pl_DNAT.c:50: error: dereferencing pointer to incomplete type ipt_pl_DNAT.c:53: error: dereferencing pointer to incomplete type ipt_pl_DNAT.c:58: error: dereferencing pointer to incomplete type ipt_pl_DNAT.c:58: error: â undeclared (first use in this function) ipt_pl_DNAT.c:63: error: dereferencing pointer to incomplete type ipt_pl_DNAT.c:67: error: dereferencing pointer to incomplete type ipt_pl_DNAT.c:67: error: dereferencing pointer to incomplete type ipt_pl_DNAT.c:71: error: dereferencing pointer to incomplete type ipt_pl_DNAT.c:79: error: dereferencing pointer to incomplete type ipt_pl_DNAT.c: In function â: Kind Regards, Michael da Silva Pereira |
|
From: Alain K. <sou...@mi...> - 2007-09-04 20:29:56
|
Michael Gale wrote: > Hey, > > Is IPTables::IPV4 still being maintained ? I am having issues with > Centos 5 :( > > I can not get IPTables-IPv4-0.98 to compile on Centos 5 (v5.8.8 built > for x86_64-linux-thread-multi). Has any one else got this to work or > know of the fix ? > > --snip-- > make -C libiptc/ all > make[1]: Entering directory `/root/.cpan/build/IPTables-IPv4-0.98/libiptc' > make[1]: Nothing to be done for `all'. > make[1]: Leaving directory `/root/.cpan/build/IPTables-IPv4-0.98/libiptc' > Running Mkbootstrap for IPTables::IPv4 () > chmod 644 IPv4.bs > rm -f blib/arch/auto/IPTables/IPv4/IPv4.so > gcc -shared -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions > -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic IPv4.o > loader.o packer.o unpacker.o > maskgen.o libiptc/libiptc.a -o blib/arch/auto/IPTables/IPv4/IPv4.so > \ > \ > > /usr/bin/ld: libiptc/libiptc.a(libip4tc.o): relocation R_X86_64_32S > against `iptc_next_chain' can not be used when making a shared object; > recompile with -fPIC > libiptc/libiptc.a: could not read symbols: Bad value > collect2: ld returned 1 exit status > make: *** [blib/arch/auto/IPTables/IPv4/IPv4.so] Error 1 > --snip-- > In case it helps, I've been using the following patch (see attach) to compile it on SuSE 10.0 and Kubuntu 7.04 and Gutsy. Moreover, you might need to fetch the following 3 include files from an old kernel tree: linux/netfilter_ipv4/ip_conntrack_tuple.h linux/netfilter_ipv4/ip_conntrack.h linux/netfilter_ipv4/ip_nat.h |
|
From: Michael G. <mic...@pa...> - 2007-09-04 20:11:33
|
Hey,
Is IPTables::IPV4 still being maintained ? I am having issues with
Centos 5 :(
I can not get IPTables-IPv4-0.98 to compile on Centos 5 (v5.8.8 built
for x86_64-linux-thread-multi). Has any one else got this to work or
know of the fix ?
--snip--
make -C libiptc/ all
make[1]: Entering directory `/root/.cpan/build/IPTables-IPv4-0.98/libiptc'
make[1]: Nothing to be done for `all'.
make[1]: Leaving directory `/root/.cpan/build/IPTables-IPv4-0.98/libiptc'
Running Mkbootstrap for IPTables::IPv4 ()
chmod 644 IPv4.bs
rm -f blib/arch/auto/IPTables/IPv4/IPv4.so
gcc -shared -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions
-fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic IPv4.o
loader.o packer.o unpacker.o
maskgen.o libiptc/libiptc.a -o blib/arch/auto/IPTables/IPv4/IPv4.so
\
\
/usr/bin/ld: libiptc/libiptc.a(libip4tc.o): relocation R_X86_64_32S
against `iptc_next_chain' can not be used when making a shared object;
recompile with -fPIC
libiptc/libiptc.a: could not read symbols: Bad value
collect2: ld returned 1 exit status
make: *** [blib/arch/auto/IPTables/IPv4/IPv4.so] Error 1
--snip--
--
Michael Gale
Red Hat Certified Engineer
Network Administrator
Pason Systems Corp.
"Nothing is impossible to a willing mind." - Monk Hae Chang
|
|
From: Amos S. <amo...@gm...> - 2006-09-05 07:08:03
|
Hi,
Trying to cleanup the code (based on 0.98, but also after patching with Jan
Kratochvil's proposed patches) I manage to make it run on Debian Etch (using
debian's iptables-dev package instead of the old internal trimmed down
version of libiptc) but one major problem is that commands like:
%IPTables::IPv4 = ();
(taken from t/00save_current_ruleset.t)
or even:
%IPTables::IPv4 = %{$rules};
(from t/99restore_ruleset.t)
causes errors a-la:
(in cleanup) Can't call method "commit" on an undefined value at
/home/amos/src/iptperl/IPTables-IPv4-0.99/blib/lib/IPTables/IPv4/TableTie.pm
line 64 during global destruction.
My perl tie is a bit rusty but I suspect that what happens is that the
object referenced from %IPTables::IPv4 looses its "tie" definition reference
during these assignments and causes a complete mess-up of the table.
Other tests, which call methods instead of assign to the hash directly, seem
to pass fine.
Does anyone have any idea?
Cheers,
--Amos
--
"Military justice is to justice what military music is to music"
|
|
From: jdurick <jd...@mi...> - 2006-01-09 19:19:08
|
I am having a slight problem when I delete a rule that has been appended
to the iptables ruleset via IPTables::IPv4 (kernel: 2.6.14-gentoo-r2)-
I think the IPTables::IPv4 perl module has been written for 2.4, not
sure if that is an issue or not . Other simple append_entry and
delete_entrys work however, when I append using the following small script:
#!/usr/bin/perl - w
use IPTables::IPv4;
my $success;
my $table = IPTables::IPv4::init('filter');
my $success = $table->append_entry(
"INPUT",
{
protocol => "icmp",
'matches' => [ 'icmp', 'limit' ],
'limit' => '1/min',
'icmp-type' => 'echo-request',
jump => "ACCEPT"
}
);
print "success = $success\n";
$table->commit();
-----------
success = 1
it shows up (iptables -nvL) as:
Chain INPUT (policy ACCEPT 2 packets, 64 bytes)
pkts bytes target prot opt in out source
destination
0 0 ACCEPT icmp -- * * 0.0.0.0/0
0.0.0.0/0 limit: avg 1/min burst 5 icmp type 8
Now, when I delete using the same identifiers using delete_entry:
#!/usr/bin/perl - w
use IPTables::IPv4;
my $success;
my $table = IPTables::IPv4::init('filter');
my $success = $table->delete_entry(
"INPUT",
{
protocol => "icmp",
'matches' => [ 'icmp', 'limit' ],
'limit' => '1/min',
'icmp-type' => 'echo-request',
jump => "ACCEPT"
}
);
print "success = $success\n";
$table->commit();
-----------
success = 0 and checked via iptables -vnL
When I did a dump of the same rule that was appended to the iptables
ruleset using: %IPTables::IPv4 = (); I got the following:
--snip--
'filter' => {
'INPUT' => {
'rules' => [
{
'protocol' => 'icmp',
'limit-burst' => 5,
'matches' => [
'limit'
],
'pcnt' => '0',
'limit' => '1/min',
'jump' => 'ACCEPT',
'icmp-type' =>
'echo-request',
'bcnt' => '0'
}
],
'pcnt' => '76',
'bcnt' => '5302',
'policy' => 'ACCEPT'
},
--snip--
All seems to match the rules options I have listed above?
Other rules that have been created, ones that do not use the limit &
protocol match options seem to be giving me trouble. Has there been a
bug published with delete_entry() that I am not aware of or is this user
error? Any help would be appreciated.
jd
--
JD Durick
Senior INFOSEC Engineer
Center for Integrated Intelligence Systems (CIIS)
GPG Fingerprint: 7780 02CE 50CA 346F 0E15 9EBC A645 5E5F 543B 0840
The MITRE Corporation
(703) 983-5543 (Washington)
jd...@mi...
|
|
From: Derrik P. <de...@de...> - 2005-08-15 01:38:27
|
Jan Kratochvil wrote: > it is almost two year from the last release (0.98). > > Is this project still maintained? If really really nobody cares please give me > sf.net access (user "kratochvil") there and I may be able to force myself to > release 0.99 or whatever. I have unfortunately not been paying as much attention to it as I ought to. I went ahead and added you as a project administrator. If you have any questions, feel free to e-mail me directly (at de...@de...). -- Derrik Pates de...@de... |
|
From: Charlie B. <cha...@bu...> - 2005-05-17 01:43:09
|
On Sun, 15 May 2005, Jan Kratochvil wrote: > On Thu, 12 May 2005 10:52:10 +0900, Charlie Brady wrote: >> On Wed, 11 May 2005, Charlie Brady wrote: >>> I seem to have found some parsing errors in to-destination. >> With 0.98, BTW. Tested on i386 CentOS4 (iow RHEL4). > > Please see the bugfix: > http://sourceforge.net/tracker/download.php?group_id=26493&atid=387479&file_id=134516&aid=1202194 > > Thanks for the bugreport, Thanks for the multiple bugfixes! |
|
From: Jan K. <la...@ja...> - 2005-05-15 04:07:12
|
Hi, it is almost two year from the last release (0.98). Is this project still maintained? If really really nobody cares please give me sf.net access (user "kratochvil") there and I may be able to force myself to release 0.99 or whatever. There are some patches of mine pending for almost half a year now: http://sourceforge.net/tracker/?group_id=26493&atid=387479 Sure the package is perfect otherwise. Thanks, Lace |
|
From: Jan K. <la...@ja...> - 2005-05-15 04:03:06
|
Hi, On Thu, 12 May 2005 10:52:10 +0900, Charlie Brady wrote: > On Wed, 11 May 2005, Charlie Brady wrote: > >I seem to have found some parsing errors in to-destination. > With 0.98, BTW. Tested on i386 CentOS4 (iow RHEL4). Please see the bugfix: http://sourceforge.net/tracker/download.php?group_id=26493&atid=387479&file_id=134516&aid=1202194 Thanks for the bugreport, Lace |
|
From: Charlie B. <cha...@bu...> - 2005-05-12 01:52:17
|
On Wed, 11 May 2005, Charlie Brady wrote: > I seem to have found some parsing errors in to-destination. With 0.98, BTW. Tested on i386 CentOS4 (iow RHEL4). > I find that none matching port-port is accepted. Current CVS is no better. In fact, it's worse: $ sudo perl /tmp/forwarding.pl 1.2.3.4-1.2.3.5:50-60 append: nat: 1.2.3.4-1.2.3.5:50-60 to-destination: Unable to parse value at /tmp/forwarding.pl line 12. *** glibc detected *** malloc(): memory corruption: 0x092dbdb8 *** Aborted $ |
|
From: Charlie B. <cha...@bu...> - 2005-05-12 01:40:47
|
I seem to have found some parsing errors in to-destination. The pod tells
me that to-destination can be any of:
...
ad.d.re.ss
ad.d.re.ss-ad.d.re.ss
ad.d.re.ss:port
ad.d.re.ss:port-port
ad.d.re.ss-ad.d.re.ss:port
ad.d.re.ss-ad.d.re.ss:port-port
:port
:port-port
...
I find that none matching port-port is accepted.
$ sudo perl /tmp/forwarding.pl 1.2.3.4
$ sudo perl /tmp/forwarding.pl 1.2.3.4:50
$ sudo perl /tmp/forwarding.pl 1.2.3.4:50-60
append: nat: 1.2.3.4:50-60 to-destination: Unable to parse value at
/tmp/forwarding.pl line 12.
$ sudo perl /tmp/forwarding.pl 1.2.3.4
$ sudo perl /tmp/forwarding.pl 1.2.3.4-1.2.3.5
$ sudo perl /tmp/forwarding.pl 1.2.3.4:50
$ sudo perl /tmp/forwarding.pl 1.2.3.4:50-60
append: nat: 1.2.3.4:50-60 to-destination: Unable to parse value at
/tmp/forwarding.pl line 12.
$ sudo perl /tmp/forwarding.pl 1.2.3.4-1.2.3.5:50
$ sudo perl /tmp/forwarding.pl 1.2.3.4-1.2.3.5:50-60
append: nat: 1.2.3.4-1.2.3.5:50-60 to-destination: Unable to parse value
at /tmp/forwarding.pl line 12.
$ sudo perl /tmp/forwarding.pl :50
$ sudo perl /tmp/forwarding.pl :50-60
append: nat: :50-60 to-destination: Unable to parse value at
/tmp/forwarding.pl line 12.
This is the relevant bit of my test program:
...
$dest = shift;
$nat->append_entry('PortForwarding',
{
source => "1.2.3.4",
protocol => "tcp",
'destination-port' => 99,
jump => 'DNAT',
'to-destination' => "$dest",
}) or warn "append: nat: $dport $!";
...
|
|
From: Andrey G. <an...@sh...> - 2004-09-17 13:22:56
|
Hello All!
I use iptables on my VPN server to account users traffic on ppp interface.
I have approximatly 80 users and all of them are dial-up users.
Sometimes, when two or more users going to connect at the same time and my
scripts tring to set up accountig rules I have error when executing
$table_h->commit(); where $! = Resource temporarily unavailable
OK, I'm understand, if two users try connect to one resource they are
may get EAGAIN error. It's normal. For fix my script, I was wrote code:
...
my $try=3;
while ($try--) {
if ($table_h->commit()) {
return 0;
}
print "iptables error: $!";
}
and was confused.... After executing first time $table_h->commit()
script write "iptables error: Resource temporarily unavailable" and, I
think, it is correct. BUT, when script (on while) executing $table_h->commit()
second time my script silently terminated _without_any_messages_. Nowhere.
IMHO kernel drop it. But I don't understand WHY? May be, I must re-open
handle?
PS: and one more question. In my program I use "use strict;" and "perl -w"
directive and get
error message on line 5 of IPv4.pm where "%IPv4;" and I replace it by "my
%IPv4;".
Is it correct?
Sorry about my english. :(
--
Andrey Grebenkov MFPO "Shield", Kiev, Ukraine
E-Mail: an...@sh... System administrator
|
|
From: Jordan H. <jo...@mj...> - 2004-09-14 21:55:15
|
On Tue, 2004-09-14 at 21:13, Bill wrote: > Greetings, > > I'm attempting to write a few test scripts to read in a set of iptable rules > that have been generated by fwbuilder (www.fwbuilder.org). When I list the Yes, that is a quick way to start seeing how to manage a particular problem. > rules generated by fwbuilder that's currently active on my box, I get a > listing of various tables. In order to start you can dump the hash tree generated by $IPTables::IPv4 using the Config::General module in the perl debugger. But watch out, reading in the data again may come out with a different tree as degenerated arrays are usually collapsed to a scalar. I wrote a simple parser to cope with this problem - you can have the framework it if you like (but there is also some other stuff in like module initialisation, /proc/sys/net configuration settings and the template toolkit acting as a preprocessor). > > What i'd like to do is to enumerate the tables and list the various chains > contained in each table. For example, my system (at the moment) has the > following table/chain setup: [snip] ... will be off until Friday jordan |
|
From: Bill <per...@ga...> - 2004-09-14 20:45:20
|
Greetings, I'm attempting to write a few test scripts to read in a set of iptable rules that have been generated by fwbuilder (www.fwbuilder.org). When I list the rules generated by fwbuilder that's currently active on my box, I get a listing of various tables. What i'd like to do is to enumerate the tables and list the various chains contained in each table. For example, my system (at the moment) has the following table/chain setup: FILTER - INPUT - FORWARD - OUTPUT - Cid3FBAE099.0 - Cid3FBAE099.1 - Cid4006029E.0 - Cid4006029E.1 - Cid4006029E.2 - RULE_0 - RULE_1 - RULE_2 - RULE_3 - RULE_4 - RULE_5 - RULE_6 - RULE_7 - RULE_8 - eth0_In_RULE_0 - wireless_In_RULE_0 - wireless_out_RULE_0 The other tables have the built in chains. Is there any way to list the following for each rule: source_ip source_port destination_ip destination_port action[permit|deny|drop] log pcnt bcnt Thanks in advance, -=-Bill-=- |
|
From: Jordan H. <jo...@mj...> - 2004-08-30 13:38:17
|
On Mon, 2004-08-30 at 15:09, ddmails wrote: > Moin, > > after hours of searching, the problem was really easy to solve ... > > I simply made an make clean && make install foer IPtables::IPv4 perl > module and it works fine again. I didnt know that recompiling > perl-modules makes any difference to them. [snip] good to hear :) Sure, perl is used only as a wrapper only to access the iptables (binary) library (the perl xs coding interface is as ugly as efficient) jordan |
|
From: ddmails <dd...@we...> - 2004-08-30 13:10:07
|
Moin, after hours of searching, the problem was really easy to solve ... I simply made an make clean && make install foer IPtables::IPv4 perl module and it works fine again. I didnt know that recompiling perl-modules makes any difference to them. Thanx for your help Bye Torsten |
|
From: Jordan H. <jo...@mj...> - 2004-08-26 12:53:07
|
On Thu, 2004-08-26 at 13:12, ddmails wrote: > Hi, > > i have a Problem using the Perl IPTables::IPv4 package with REDIRECTing. [snip] > that works fine. The error occurs when making commit. > > Can anybody help me ? > Hi, what is the error message (use "$!" to print that out) ? > mac matching alone works fine too, only redirecting makes problems > > Many Thanks > Torsten [snip] jordan |
|
From: ddmails <dd...@we...> - 2004-08-26 11:12:12
|
Hi, i have a Problem using the Perl IPTables::IPv4 package with REDIRECTing. The Problem is my script works fine on a debian woody systen, but not on my gentoo linux. On gentoo i tried gentoo kernel 2.6.7 and 2.6.8 and a clean unpatched vanilla kernel from kernel.org version 2.6.8. With no success Iptables is on both systems 1.2.9. So i cant find any differenz. Perhaps i have an error in my script: my @match = ( "mac" ); $wrong_mac_to_destination = "1001"; %hashref = ( jump=>'REDIRECT', source=>$ip, protocol=>'tcp', 'matches'=>\@match, 'mac-source'=>"!".$mac, 'to-ports'=>$wrong_mac_to_destination ); if (! $nattable->insert_entry('macmatching', \%hashref, 1) ) { LOG_util::UMlogerr("Failed to insert_entry into 'macmatching'"); } that works fine. The error occurs when making commit. Can anybody help me ? mac matching alone works fine too, only redirecting makes problems Many Thanks Torsten |
