The module ip_conntrack_netlink no longer exists in kernel 2.6.24, and only the module nf_conntrack_netlink can be loaded. After this module is loaded and l7-filter is run, an error is reported by NETLINK: "NFNETLINK answers: Invalid argument, error during nfq_unbind_pf()".
Logged In: YES
user_id=641634
Originator: NO
Same problem here. Ubuntu with 2.6.22 works with l7-filter userspace, although there's a warning:
***WARNING***
The ip_conntrack_netlink module does not appear to be loaded.
Unless you have it compiled into your kernel, please load it
and run l7-filter again.
2.6.24 doesn't work. As far as I could see, both kernels' configurations are basically the same with respect to netfilter options; however, 2.6.24 doesn't work, outputting the error:
NFNETLINK answers: Invalid argument, error during nfq_unbind_pf()
Logged In: YES
user_id=2131187
Originator: NO
I created a patch as per
http://www.spinics.net/lists/netfilter/msg42063.html
I don't know how to attach a file, so I've just pasted it below.
--- l7-queue.cpp 2008-08-30 11:51:19.000000000 +1000
+++ l7-queue.cpp 2008-08-30 11:52:54.000000000 +1000
@@ -111,10 +111,7 @@
}
l7printf(3, "unbinding existing nf_queue handler for AF_INET (if any)\n");
- if(nfq_unbind_pf(h, AF_INET) < 0) {
- cerr << "error during nfq_unbind_pf()\n";
- exit(1);
- }
+ nfq_unbind_pf(h, AF_INET);
l7printf(3, "binding nfnetlink_queue as nf_queue handler for AF_INET\n");
if(nfq_bind_pf(h, AF_INET) < 0) {
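Review bot: the replacement line `nfq_unbind_pf(h, AF_INET);` discards the return value, so every failure of the unbind is now silent, not only the "Invalid argument" case reported on 2.6.24. Consider keeping the `< 0` check but making it non-fatal: print the message through cerr or l7printf and continue instead of calling `exit(1)`, so an unexpected failure still shows up in the output. A one-line comment above the call saying why the result is deliberately not treated as fatal would also help the next reader.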
Logged In: YES
user_id=220960
Originator: NO
Thanks, that works for me. Tested with kernels 2.6.22 - 2.6.25.