IPP2P + Slackware

Printable View

10.01.2009, 22:43
Lukas L.

IPP2P + Slackware

snazim se na Slackware proti kernelu 2.6.26.2 a iptables z currentu 1.4.2 zkompilovat aktualni ipp2p (0.8.2) - cz se mi nedari kvuli zadrhelu ve zdrojovem souboru k.so knihovny libipt_ipp2p

Kód:

gcc -O3 -Wall -DIPTABLES_VERSION=\"1.4.2\" -I/usr/src/iptables-1.4.2/include -fPIC -c libipt_ipp2p.c libipt_ipp2p.c:376: error: variable 'ipp2p' has initializer but incomplete type libipt_ipp2p.c:378: error: unknown field 'next' specified in initializer libipt_ipp2p.c:378: warning: excess elements in struct initializer libipt_ipp2p.c:378: warning: (near initialization for 'ipp2p') libipt_ipp2p.c:379: error: unknown field 'name' specified in initializer libipt_ipp2p.c:379: warning: excess elements in struct initializer libipt_ipp2p.c:379: warning: (near initialization for 'ipp2p') libipt_ipp2p.c:380: error: unknown field 'version' specified in initializer libipt_ipp2p.c:380: warning: excess elements in struct initializer libipt_ipp2p.c:380: warning: (near initialization for 'ipp2p') libipt_ipp2p.c:381: error: unknown field 'size' specified in initializer libipt_ipp2p.c:381: warning: excess elements in struct initializer libipt_ipp2p.c:381: warning: (near initialization for 'ipp2p') libipt_ipp2p.c:382: error: unknown field 'userspacesize' specified in initializer libipt_ipp2p.c:382: warning: excess elements in struct initializer libipt_ipp2p.c:382: warning: (near initialization for 'ipp2p') libipt_ipp2p.c:383: error: unknown field 'help' specified in initializer libipt_ipp2p.c:383: warning: excess elements in struct initializer libipt_ipp2p.c:383: warning: (near initialization for 'ipp2p') libipt_ipp2p.c:384: error: unknown field 'init' specified in initializer libipt_ipp2p.c:384: warning: excess elements in struct initializer libipt_ipp2p.c:384: warning: (near initialization for 'ipp2p') libipt_ipp2p.c:385: error: unknown field 'parse' specified in initializer libipt_ipp2p.c:385: warning: excess elements in struct initializer libipt_ipp2p.c:385: warning: (near initialization for 'ipp2p') libipt_ipp2p.c:386: error: unknown field 'final_check' specified in initializer libipt_ipp2p.c:386: warning: excess elements in struct initializer libipt_ipp2p.c:386: warning: (near initialization for 'ipp2p') libipt_ipp2p.c:387: error: unknown field 'print' specified in initializer libipt_ipp2p.c:387: warning: excess elements in struct initializer libipt_ipp2p.c:387: warning: (near initialization for 'ipp2p') libipt_ipp2p.c:388: error: unknown field 'save' specified in initializer libipt_ipp2p.c:388: warning: excess elements in struct initializer libipt_ipp2p.c:388: warning: (near initialization for 'ipp2p') libipt_ipp2p.c:389: error: unknown field 'extra_opts' specified in initializer libipt_ipp2p.c:390: warning: excess elements in struct initializer libipt_ipp2p.c:390: warning: (near initialization for 'ipp2p') libipt_ipp2p.c: In function '_INIT': libipt_ipp2p.c:396: warning: implicit declaration of function 'register_match' make: *** [libipt_ipp2p.so] Error 1

kdyz to zkompiluju proti iptables 1.4.0 - tak to vytvori soubor .so, ktery 1.4.2 samozrejme nezavede - protoze tvrdi :

Kód:

iptables -m ipp2p --help /usr/libexec/xtables/libipt_ipp2p.so: /usr/libexec/xtables/libipt_ipp2p.so: undefined symbol: register_match iptables v1.4.2: Couldn't load match `ipp2p':(null) Try `iptables -h' or 'iptables --help' for more information.

to znamena, ze ta funkce register_match v nove verzi jaksi nefunguje a mozna i se strukturou iptables_match je to trosku jinak...- koukal jsem na netfilter stranky a 1.4.0 je snad 2 roky zpet stara verze - takze nejaky downgrade delat nehci. Nasel jsem i slackware balicek ipp2p, ale s modulem proti kernelu 2.6.21-SMP...

Nekompiloval to nekdo proti novejsim iptables ? Patche na kernel 2.6.26.2 a iptables 1.4.0 jsem nasel a aplikoval...

PS Muj cil je blokovat P2P site - minimalne DC++ (tam jsem zatim utnul TCP 411, 4111 a 555), BitTorrent - takze mozna by to slo delat i jinym L7 filtrem, ale ipp2p mi zatim prisel jako nejjednodussi na implementaci
11.01.2009, 09:28
admix

Re: IPP2P + Slackware

Muzes zkusit l7-filter, ale nemuzu rict jak moc dobre to odchyta
12.01.2009, 00:44
Lukas L.

Re: L7-filter + Slackware

dobre - taze nove tema l7-filter (userspace) a slackware :

ad l7-filter - to taky neni uplne trivialni kompilace - ale dejme tomu, ze jsem posathoval knihvony libnetfilter_conntrack a libnetfilter_queue vcetne zavislosti linnfnetlink z netfilter stranek a podarilo s mi zkompilovat l7filter binarku. Mam zavedeny moduly:

lsmod
Module Size Used by
nfnetlink_queue 7168 0
nfnetlink_log 6984 0
cls_u32 5764 2
sch_ingress 2048 2
sch_htb 13184 2
xt_state 1920 4
iptable_mangle 2560 1
xt_DSCP 2816 11
xt_limit 2048 7
ipt_REDIRECT 1664 5
xt_tcpudp 2688 32
iptable_nat 4488 1
iptable_filter 2432 1
ip_tables 9360 3 iptable_mangle,iptable_nat,iptable_filter
nf_nat_ftp 2432 0
nf_conntrack_ftp 6304 1 nf_nat_ftp
nf_conntrack_netlink 11520 0
nfnetlink 3224 3 nfnetlink_queue,nfnetlink_log,nf_conntrack_netlink
ipt_MASQUERADE 2304 1
nf_nat 13456 5 ipt_REDIRECT,iptable_nat,nf_nat_ftp,nf_conntrack_n etlink,ipt_MASQUERADE
nf_conntrack_ipv4 11276 7 iptable_nat,nf_nat
nf_conntrack 42880 8 xt_state,iptable_nat,nf_nat_ftp,nf_conntrack_ftp,n f_conntrack_netlink,ipt_MASQUERADE,nf_nat,nf_connt rack_ipv4
ipt_REJECT 2560 1
ipt_LOG 4736 8
x_tables 10756 10 xt_state,xt_DSCP,xt_limit,ipt_REDIRECT,xt_tcpudp,i ptable_nat,ip_tables,ipt_MASQUERADE,ipt_REJECT,ipt _LOG
lp 7788 0
i2c_i801 9616 0
i2c_i810 3844 0

a nastaveny posilani do NFQUEU targetu v chainu FORWARD. v l7-filter.conf mam, ze se urcity protokoly - pro test vcetne http maji markovat na 0x7. V dalsim kroku v iptables vsechny pakety mark 7 zahazuju s logovanim (s limitem a burstem samozrejme). Po spusteni l7-filteru v verbose modu vidim jak tam litaji pakety s IP, src a dst, portem, ale nejde z toho zadne markovani 0x7.

opening library handle
unbinding existing nf_queue handler for AF_INET (if any)
binding nfnetlink_queue as nf_queue handler for AF_INET
binding this socket to queue '0'
setting copy_packet mode

dal je to v podstate : Made key from packet:, nejak poznamka o zadnem contentu v paketu...

nevim presne co dal ;) chci ty omarkovany pakety zahodit a zbytek pustit....
12.01.2009, 07:08
admix

Re: L7-filter + Slackware

Ja tohle resil primo pravidlem v iptables, ale bohuzel uz je tu nemam tak nevim jak to presne ma vypadat :( Ve stylu `iptables ... -m layer7 --l7-type=http -j MARK ...`
12.01.2009, 09:41
Lukas L.

Re: IPP2P + Slackware

no jo, ale ja pouzivam user space filtr a ne patch kernelu...
23.03.2009, 16:01
Lukas L.

Re: IPP2P + Slackware

Aby nezustal otevreny konec - musel jsem upravit konfig, prekompilovat kernel a l7-filtr uz dostava spravna data. Jen pri urcitem (nevim kolik) poctu paketu (par dni to trva) spadne na :

Kód:

Mar 21 12:48:24 kernel: l7-filter[28150]: segfault at 0 ip b7e590bb sp b7c7d0b0 error 4 in libstdc++.so.6.0.9[b7e03000+db000]
03.05.2010, 23:24
misi

Re: IPP2P + Slackware

Citace:

Původně odeslal Lukas L.

snazim se na Slackware proti kernelu 2.6.26.2 a iptables z currentu 1.4.2 zkompilovat aktualni ipp2p (0.8.2) - cz se mi nedari kvuli zadrhelu ve zdrojovem souboru k.so knihovny libipt_ipp2p

Taky jsem chtel zkompilovat moje oblibene ipp2p a s hruzou jsem zjistil, ze se uz nevyviji!
na http://ipp2p.org je posledni verze 0.8.2. Ja mam kernel 2.6.32 a iptables 1.4.5, ale myslim, ze problem je stejny. Koukal jsem do zdrojaku, asi se zmenilo API, mozna v souvislosti s xtables. Zkusil jsem ty zmeny priohnout, tady je patch:

Kód:

H4sIAPU930sAA+1c+3PaSBL+Gf6KiXObSCBhxMPYZO0KaztZVxxw+bFx3e2VTkgDaAGJ0sOxN8n/ ft0zIzHiYcjFuSKO5QpiHmr1dH/9TctWx3F7PaJfkRrRA+JOJpWJXi7tlirb760h7bkjKneWPPox Hcjrur7wilylXN7Ry3t6pUGMSrNcbdaMUjk5SLEM4/lisbhUMggwynq5rperpAICjKaxUzIajbpR M6oVIeD1a6LvVLU9UmSfr1/nCf6M3K47iUwmuhT6zWyHTabfB3mS+4dyeKgS+Hxz2np7gd9Ozi5b v50eX5ids8uTTjvTddI+PL06OlaJ3js7OSS6PSM8r+dGDtHDgRVQOPuzymTbfr4o7r/+FbBAe0Qt rwm668EYFCGFkg//QvwY+qRUKNljB76PfQcUItRz3F7eWebkrGWy3sgsbMbV0ljG20azDv4qr+Xt rAzZ4RWjWdkpVXfL9crO7l5Dcnhd2yXFunD3c9ezR7FDya8j14tvtz0aAXoiGoDYmxrINyOrO6Jh aXAwP/mGBqHre2xse3ulqBQ0sqgtqX8rX5wV4s5M/xWkbkf2ot7Y4b3Q70AIeJT0aWTGu8q11lEJ UQqKCS1SUJVrUiQdVWXWaFRqWhUCoFGpaxWD2QSPT2UNf9pXp6df8uTLKxYYehhZkQte9qK8PrYi e6DYvhdGJIyC2IbT0OzGgJJCOOxqeZ0JIpkZoKfp0BvXpqTgeqvn+HEEk567PXJ60r66Nv84Pr+A iDIPO0fH5GCfvDs+bx+fJt1KRdvRjIa6UOxtZDKVCSmM79i3mdvf+C6Ano24Xs9PR2G1xO/1Qhql XbEXun0Pog3HxneTwI9gBmpKRyH9H8Q+5zGmL13rr4uWWlYX3WrgBFNFTbiNsWNGxLEia0S9zL2m ihQGfuQE/kTNF7u+PyIrnVsk02Ohmc2JFVhjUmAnNU8+8dtl5iL0Afgm2gXxAJ/7JLXUK36T1Vew W+gH0oVZJ9nAjOD1gXUH+LWHr7gmqUSwF4iagCBYmX7gDUrQJ26+YBJQAjQUmKuKG6EBUamAhvEo gilljbh4eoW0kMwYUMsxwQPSRQNowjwv8geh4k70g8iPcIqqs5Y7GBVq6qvcdkFMnID2NNLRlQR6 +tGgsI2Bicd2YRyDnTw/Il1KLNILrP6YehHMYMsFWCkcbir6IodtNJZ+4NBu3FfJJACVhsrWydlZ 5azEjNkUACU9P/Yc8otL/vS2NCFFWAjlCAfgLWEQ5Re/Qf6MNLBXLqBRHHjMoHh84ad04bDlkzAO KIkGFgK1S9wQdj2PWgEsH1lut2JoBrDcbrkmiP8L3+qznGYPKFjYi4I7gX0GnQLbAjxrTL+Bi+bC 1J1oZMHgLFtJZJUhl/lL+EbCBE+DPAez5hkoN8dhOBi6f9NFgwPfH4I24TBhhzkzSUqDnOF87Kca bxfIe8RpOKG227sj+oTAbkYQxzAk8ITgZ5xKnu0TwMt557JjXh6ekc+f+aDr3fRGVj8kL2D4EnKq P0w2SVXZvQq5BGxsY22Sjje6Ix/9YBgS3yMoiYdSqJE4pEIJwB6AjaGlsacZNUBLvYJnnhZOcUJM 4B8XDA4fChp3ukRxX4QCaPWmQzjcyc0vAEjfclyvjxAnrDeBiioYSaAc/RjQvhti6sCJ+AVbB28k gSdm366ajEjPpeozLJgmvQX9IUdwp/pzloB7x94ad79dPW+lQWIPTUKdRRbh8c1VhzQ0HlFmcwU/ QPbSZHQuU8/mi7O59kxKmh0WWamhl2vEaDQrtaaxl8lKjSVZ6ZyYTGJabVbqpWoNE9Oy0cg+iSDq 8FQRoMtJyENP5XVmBSniWRimXKFlI7fg9WwLohUC9/7rpgi+b6NVFg6qQNa4JWGOyECU3JV83ift N4fmVftdu/OhDShPGJuFTwQzuGvJRzcaEEhaLdw/b6xRTENkBL5P4h6CzyP7Kf9L+4ro5ansrlap 7EAquwPnOrNgLhu5ecwVQqqgbWxNsHvBCvo3GrMX8AoNolkjMqpBYpyjW2ZEUmAnnLDQ+DiwzPCc lcE9OXlrEPKKuSmvLrzqG3ymCBmp66YbagjegLsoNiPTnG0BQ740XjZzkIiAH5oc7uifXELYSiGh 44vfO+eX5u+t9pHJIlol+/vznWARdi3SkEmDwA+Us9Z56/3x5fE5Mjk8Kb/H9ec41bAnsOXzSA6O hOr/o+vs20vY0+6A7YH4IR/aEpP4tuOCh3zPps+Q8AGO96/jqHXZml0G6/s/rILlequWYo18j61l kU9U3EPLm2DxVE2eYvCdngWcer9aJLkTn03+9ezfmOBhqmuNRv5H6jCpxTmpq9axpmBuUwGN4jyc kxkyVfHZyUg3oNYwaaQxVZFiijrDJRHFN8bjo3cMg9PW9/Uo6LNOBE3N84PSwBSUj4wH5GMRoFDz GVSlXZlnjFXLkqeuXtyqI1k4puUJDDvn4quwQjcWz7k+ZA1+DxOJ8WPglTS27yGUhEFkVslPKaUh UYpjr4WDQxkBh5vge3C2Y8+BfeXVi/b2J2r6Uakpi0vRswHgFMSEAOW85NiPjZbkY5adjg7Xz3Yk XtqTeKnvxeug4G37SkIAtjbA++BvUP9huOlxBfUjYdpVqGRMlIVm2rUB+BTsxDDK6Qm+/kz8BH74 GoIS9GRJ9DS0/rasdQjqXeufrZaEA97eABCA19kinmjq56apWYBKnRuAUkFVAqmcrFjjZ6Ir5o11 CSu3/JC4rCtxWdeN1mGy304uJZhgawPwAXAA9Z8eA3/cX5veB3wA2cPC3pZgb00mI7oO8FtnZ6fH EvR5ezPAzxbxBP/HCX8GtAcKgDQEHCkEQj8erRMBF52rUykAWHMz8I8reIL/44Q/wuyh0U8l9H90 vfHtOvD/cNJ+fy3hn7c3IwDYIp4i4HFGAAPaw2ZAPTkDCqZv0NyH/9b58YWc/2BzM9CPK3gC/+ME P8LsQbCfS8Hfl8A/jqO1sv/3V5dy8s+amwF+XMGDgP8xoQb98zCo4ZAZyAmDFa6HmQ+tiwxoeHsz UMMW8QSb2Z0WPfSQuHEl3Nw69lpvWVwfHcp/z2bNzQDNg+2zjwkz6J+HTc7+kl/MwReXsS7nB7OY ZI7k3Wvj62whXvFu5nVeF7Um+LOTV8N/e5vptPWnx/9KxOpQaEQDMgl8uHbcJD1f1A2QOLT6lER3 E4pvNnPZRB+LUV0f0JEoDeErXVyLJHoNXkBSLTc0fLW/Wq7hGd9El1/ix8oLa2SyMhol8844f2U3 fbEbvfhM9H0/tvg+xkoKrLLlC6weRFlet5RovfhV+7RegVdEFWVpaVXVdPmzxUmLZJAc2t2LxzRw 7W8rg0CB2ffpGRZqO1hgXq0lFeY5/sDAwwJnzVsptG7oUiOtYxs1X5RkTAvOVlvkoU2Q4liZEum6 D2C8eqinbImnJZIUaFUbdc2oglEbaYFW8tsgYUes60s05Pjni2Ry9gmYJ7HBolHySShe8uhtJAXT PsGKaC0ZhEDJDHIi3RI4Lon68Ol4+r8AiDongdX5ideL5wX0xpUmYqWpUAVr9zKqYF1c6/TkbVvB Ib+3yGOqmlweh6DBxLIpl/O1l2PYZ+7+AnuSUVbtkxnFHo17cq+uIVHuVbVG+v8v8CK1bHmdqJBb UHA2LUnjrlw2iTHSfwElCh7Rq0IAAA==

Postup rozbaleni (na stdin pastnete ten text z okna vyse):

Kód:

tar -zxvf ipp2p-0.8.2.tar.gz base64 -d | gzip -d | patch -p0 cd ipp2p-0.8.2 make