LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 08-05-2008, 08:47 PM   #1
rbees
Member
 
Registered: Mar 2004
Location: northern michigan usa
Distribution: Debian Squeeze, Whezzy, Jessie
Posts: 871

Rep: Reputation: 43
Exclamation firestarter Bug????


First; thanks for all the excelient help.

I am setting up a server for my home network. It is running Debian Lenny and is up to date. I want to setup iptables but in the mean time I am using Firestarter, which worked fine on my old server.

A couple of days ago I installed the new server out of necessity befor I was ready to and I didn't have time to test it. When I set up my internet conection sharing with firestarter all worked fine and after about 10 minuets the graphical interface died. The conection sharing is still working fine, and new computers brought online have access too.

I think this is a bug but I want to be sure befor I post a bug report. I have googled some but didn't see any thing like what I see happen.

I did send a request for help to the maintainer but they are busy and I have not heard back from them yet.

The specs:
intel celeron 1.7
kernel 2.6.25-2-686
kde 3.5.9
firestarter 1.0.3
gnome 2.22.3

all installed from deb servers as packages and not compiled from source except the nvidia drivers on my laptop.

I have the same versions on my laptop except it is running amd64 on Turion64x2. They were both updated at the same time. I just tested Firestarter on my laptop, which worked fine befor the update, and it dies on the laptop too.

I have looked at the logs but am not seeing anything that I can identify as info related to this problem. But then I may not be looking at the right log file.

I am also having a problem with kppp and samsung cell phones. It works fine with my motorola e815 but fails to authenicate with the samsung hue's my son and mother have. My mothers worked fine with my old server which runs debian etch. The samsungs are known to not play nice with bluetooth adapters and what not, so I wonder if they don't like the updated pppd or kppp apps. I have not call my provider yet to see if they have changed something. Plan on that tomorrow.

Still a functioning firewall is more improtant and the main focus of this post.

I have not tried running Firestarter from the command line to see if it is out putting some usefull info. Well it came up just fine launched from root. Will see. 8:26pm at 8:43 I noticed that it had died and the root terminal has
Code:
# firestarter
Firewall started
Segmentation fault
#
That is more than I knew before. It does look like a bug, at least to me.

What do you think.
 
Old 08-08-2008, 07:28 AM   #3
rbees
Member
 
Registered: Mar 2004
Location: northern michigan usa
Distribution: Debian Squeeze, Whezzy, Jessie
Posts: 871

Original Poster
Rep: Reputation: 43
Thanks unSpawn.

I set the variable listed in the one post
Code:
# G_SLICE=always-malloc firestarter &
and restarted firestarter and it has not died since.

Thanks.

There was also, what I think is a patch linked in that post and I downloaded it but I am not sure what to do with it. I can open it in a text editor and it looks like a program or script. It is not a binary file.

I use kpackage for package management and I don't have a package listed for a firestarter-source package, at least not that I have found.

On a side note: I notice that the count of events that is listed on the status page is not updated correctly. When I first launched it I was getting some serious hits and that count was being incremented but all of the hits for the non-serious (in my case in black not red) are not being added to the count. I don't know if this behavior is related to the "G_SLICE=always-malloc" variable or not. I have launched firestarter with the variable set on my laptop to see if I get simalar results with the amd64 version there. But I really don't expect to get any of the non-serious type at my laptop because of the firewall at the server. It did increment the serious colum when my server requested a smb packet of some kind.

Once again thanks
 
Old 08-08-2008, 07:46 AM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,331
Blog Entries: 55

Rep: Reputation: 3531Reputation: 3531Reputation: 3531Reputation: 3531Reputation: 3531Reputation: 3531Reputation: 3531Reputation: 3531Reputation: 3531Reputation: 3531Reputation: 3531
Quote:
Originally Posted by rbees View Post
There was also, what I think is a patch linked in that post and I downloaded it but I am not sure what to do with it. I can open it in a text editor and it looks like a program or script. It is not a binary file.
A patch for source code, made with some sort of 'diff' ('man diff'), describes changes between one and another version of that source code. You need the source package to be able to apply the patch then build the application. If the bug tracker maintainer indicated the patch was sent upstream to the Firestarter development team it may be incorporated in a new version. Of course it's easier to check announcements for a fix release.


Quote:
Originally Posted by rbees View Post
I use kpackage for package management and I don't have a package listed for a firestarter-source package, at least not that I have found.
One of the neat things of Debian is that for any package in their repo they'll always list the original source and modified Debian source for that package: given RELEASE=lenny and generic URI http://packages.debian.org/$RELEASE/$APPLICATION check http://packages.debian.org/lenny/firestarter.


Quote:
Originally Posted by rbees View Post
On a side note: I notice that the count of events that is listed on the status page is not updated correctly. When I first launched it I was getting some serious hits and that count was being incremented but all of the hits for the non-serious (in my case in black not red) are not being added to the count. I don't know if this behavior is related to the "G_SLICE=always-malloc" variable or not.
If you think it's a bug you know where to find the bug tracker. Else maybe it's a good question for the firestarter mailing list?


Quote:
Originally Posted by rbees View Post
I have launched firestarter with the variable set on my laptop to see if I get simalar results with the amd64 version there. But I really don't expect to get any of the non-serious type at my laptop because of the firewall at the server. It did increment the serious colum when my server requested a smb packet of some kind.
If you have another machine, and if you have set appropriate rules, you could test it from there with any packet generator. Nmap prolly being the simplest, just fire off an open X-mas scan or something like that.
 
Old 08-10-2008, 05:15 PM   #5
rbees
Member
 
Registered: Mar 2004
Location: northern michigan usa
Distribution: Debian Squeeze, Whezzy, Jessie
Posts: 871

Original Poster
Rep: Reputation: 43
Thanks again unSpawn,

The package I downloaded is a 'diff' file. I looked at the link you posted and there are three source packages listed:

firestarter_1.0.3-6.dsc
firestarter_1.0.3.orig.tar.gz
firestarter_1.0.3-6.diff.gz

Which one do I need? I have never patched a source package before. I have compiled a few kernels but that was a few years ago, one of those "I have done that" things, not that I really know that much about it.

I looked at the sid package and it has the same version number as what I have installed, so it lookes like the patch is still being tested.

Quote:
If you have another machine, and if you have set appropriate rules, you could test it from there with any packet generator. Nmap prolly being the simplest, just fire off an open X-mas scan or something like that.
Any idea how I might do that from a win box? Or would my server work? It is running Lenny. The win box has Lenny on it to but it is my wife's box and she wont leave windows behind. I tried with the server and it did not cause any 'non-serious' hits on the laptop. That is probibly because conections are allowed from that ip.

I tried a couple of commands from my wifes box like ping and netstat but they didn't trip the hits either. But there again I was connected to her machine via tightvncserve and controling her machine form my laptop so. If I get ambisious later I will reboot her machine into Lenny and install the nessessary packages and see if I can get it to trip then.

Whan do you mean by "appropriate rules"? I have the firewall set to drop everything form the external side and drop everthing from the internal side that is not specifically allowed, I think. At least that is my intent.

Once again Thanks
 
Old 08-11-2008, 01:52 PM   #6
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,331
Blog Entries: 55

Rep: Reputation: 3531Reputation: 3531Reputation: 3531Reputation: 3531Reputation: 3531Reputation: 3531Reputation: 3531Reputation: 3531Reputation: 3531Reputation: 3531Reputation: 3531
Quote:
Originally Posted by rbees View Post
Which one do I need?
You'll want the firestarter_1.0.3.orig.tar.gz and the firestarter_1.0.3-6.diff.gz. The "orig" is the upstream source and the diff are changes made by Debian. Unpack the tarball, cd into the dir. Apply the first patch to bring it up to debian specs and the second one to fix issue #449051: 'tar -xzf firestarter_1.0.3.orig.tar.gz && cd firestarter-1.0.3 && zcat ../firestarter_1.0.3-6.diff| patch -p1 && cat ../firestarter-tree_iter-crash.diff| patch -p1'. AFAIK you could build a proper package with 'dpkg-buildpackage -rfakeroot' but let's see first if you can do a binary package: 'fakeroot debian/rules binary' (all from within the "firestarter-1.0.3" dir). Let's keep the rules and testing for when this issue is fixed, OK?


Quote:
Originally Posted by rbees View Post
I looked at the sid package and it has the same version number as what I have installed, so it lookes like the patch is still being tested.
I don't know about Debian status but a quick look at Firestarter's CVS at Sourceforge shows no commits at all. So they either moved development elsewehere or it's simply not being developed anymore...
 
Old 08-12-2008, 06:02 AM   #7
rbees
Member
 
Registered: Mar 2004
Location: northern michigan usa
Distribution: Debian Squeeze, Whezzy, Jessie
Posts: 871

Original Poster
Rep: Reputation: 43
Thanks unSpawn

That seams to all have gone well. Now if memory serves the next step is to do:

make clean
make install

with root privlages.

Or am I forgetting something.
 
Old 08-12-2008, 06:16 AM   #8
jomen
Senior Member
 
Registered: May 2004
Location: Leipzig/Germany
Distribution: Arch
Posts: 1,687

Rep: Reputation: 54
...don't forget to configure it:

./configure --help

for help on the options
and don't do this before "make clean" but after

an intemediate "make" step might be a better approach:
make
make install
 
Old 08-14-2008, 08:37 PM   #9
rbees
Member
 
Registered: Mar 2004
Location: northern michigan usa
Distribution: Debian Squeeze, Whezzy, Jessie
Posts: 871

Original Poster
Rep: Reputation: 43
Thanks again unSpawn, and thanks jomen

I had to pull out the text editor for this post. After you mentioned it I remembered that other step 'make'. Like I said it has been some years since I did any compiling.

When I ran 'make clean' I got a message about there not being anything defined to clean. I did not record it so I can't say for sure just how it was worded. I put it down to there not having been a failed compile attempt, or it is not nessessary for firestarter.

When I ran 'make' it ran through OK, but at the end it spit out
Code:
configure: error: Library requirements (libgnome-2.0 >= 2.0.0
                  libgnomeui-2.0 >= 2.0.0
                  gtk+-2.0 >= 2.4.0
                  gnome-vfs-2.0 >= 2.6.0
                  libglade-2.0 >= 2.3.6) not met; 
consider adjusting the PKG_CONFIG_PATH environment variable if your libraries are in a nonstandard prefix so pkg-config can find them.
:~/firestarter-1.0.3$
A brief look at the installed packages on my system show that I have these installed. At least the compiled libraries. I have not had a chance to look for source packages yet. I took a second and third look at ./configure --help and I couldn't find a 'PKG_CONFIG_PATH' environment to set, much less how to set it. Makes me wonder if it is something I have to set in the source?

I also found the install instruction file in the source package. It talks about configuring the package but doesn't explain how. They are pretty generic instructions and not much help except for the basic steps. They did tell me about a log file (config.log) that gives me some more info. It has several entries like:
Code:
configure:2760: gcc -c -g -O2  conftest.c >&5
conftest.c:2: error: expected '=', ',', ';', 'asm' or '__attribute__' before 'me'
configure:2766: $? = 1
configure: failed program was:
| #ifndef __cplusplus
|   choke me
| #endif
configure:2900: checking for library containing strerror
and
Code:
configure:3616: gcc -c -g -O2  conftest.c >&5
conftest.c:2: error: expected '=', ',', ';', 'asm' or '__attribute__' before 'me'
configure:3622: $? = 1
configure: failed program was:
| #ifndef __cplusplus
|   choke me
| #endif
configure:3758: checking for gcc option to accept ANSI C

configure:3943: gcc -E  conftest.c
conftest.c:11:28: error: ac_nonexistent.h: No such file or directory
configure:3949: $? = 1
configure: failed program was:
| /* confdefs.h.  */
| 
| #define PACKAGE_NAME ""
| #define PACKAGE_TARNAME ""
| #define PACKAGE_VERSION ""
| #define PACKAGE_STRING ""
| #define PACKAGE_BUGREPORT ""
| #define PACKAGE "firestarter"
| #define VERSION "1.0.3"
| /* end confdefs.h.  */
| #include <ac_nonexistent.h>
configure:3988: result: gcc -E

configure:4248: gcc -o conftest -g -O2   conftest.c  >&5
conftest.c: In function 'main':
conftest.c:28: warning: incompatible implicit declaration of built-in function 'exit'
configure:4251: $? = 0

configure:5678: g++ -c -g -O2  conftest.cc >&5
conftest.cc: In function 'int main()':
conftest.cc:26: error: 'exit' was not declared in this scope
configure:5684: $? = 1
configure: failed program was:
| /* confdefs.h.  */
| 
| #define PACKAGE_NAME ""
| #define PACKAGE_TARNAME ""
| #define PACKAGE_VERSION ""
| #define PACKAGE_STRING ""
| #define PACKAGE_BUGREPORT ""
| #define PACKAGE "firestarter"
| #define VERSION "1.0.3"
| #define STDC_HEADERS 1
| #define HAVE_SYS_TYPES_H 1
| #define HAVE_SYS_STAT_H 1
| #define HAVE_STDLIB_H 1
| #define HAVE_STRING_H 1
| #define HAVE_MEMORY_H 1
| #define HAVE_STRINGS_H 1
| #define HAVE_INTTYPES_H 1
| #define HAVE_STDINT_H 1
| #define HAVE_UNISTD_H 1
| #define HAVE_DLFCN_H 1
| /* end confdefs.h.  */
| 
| int
| main ()
| {
| exit (42);
|   ;
|   return 0;
| }
configure:5633: g++ -c -g -O2  conftest.cc >&5
conftest.cc:22: error: 'void std::exit(int)' should have been declared inside 'std'
configure:5639: $? = 1
configure: failed program was:
| /* confdefs.h.  */
| 
| #define PACKAGE_NAME ""
| #define PACKAGE_TARNAME ""
| #define PACKAGE_VERSION ""
| #define PACKAGE_STRING ""
| #define PACKAGE_BUGREPORT ""
| #define PACKAGE "firestarter"
| #define VERSION "1.0.3"
| #define STDC_HEADERS 1
| #define HAVE_SYS_TYPES_H 1
| #define HAVE_SYS_STAT_H 1
| #define HAVE_STDLIB_H 1
| #define HAVE_STRING_H 1
| #define HAVE_MEMORY_H 1
| #define HAVE_STRINGS_H 1
| #define HAVE_INTTYPES_H 1
| #define HAVE_STDINT_H 1
| #define HAVE_UNISTD_H 1
| #define HAVE_DLFCN_H 1
| /* end confdefs.h.  */
| extern "C" void std::exit (int) throw (); using std::exit;
| #include <stdlib.h>
| int
| main ()
| {
| exit (42);
|   ;
|   return 0;
| }
configure:5633: g++ -c -g -O2  conftest.cc >&5
conftest.cc:22: error: 'void std::exit(int)' should have been declared inside 'std'
In file included from conftest.cc:23:
/usr/include/stdlib.h:531: error: declaration of 'void std::exit(int) throw ()' throws different exceptions
conftest.cc:22: error: from previous declaration 'void std::exit(int)'
configure:5639: $? = 1
configure: failed program was:
| /* confdefs.h.  */
| 
| #define PACKAGE_NAME ""
| #define PACKAGE_TARNAME ""
| #define PACKAGE_VERSION ""
| #define PACKAGE_STRING ""
| #define PACKAGE_BUGREPORT ""
| #define PACKAGE "firestarter"
| #define VERSION "1.0.3"
| #define STDC_HEADERS 1
| #define HAVE_SYS_TYPES_H 1
| #define HAVE_SYS_STAT_H 1
| #define HAVE_STDLIB_H 1
| #define HAVE_STRING_H 1
| #define HAVE_MEMORY_H 1
| #define HAVE_STRINGS_H 1
| #define HAVE_INTTYPES_H 1
| #define HAVE_STDINT_H 1
| #define HAVE_UNISTD_H 1
| #define HAVE_DLFCN_H 1
| /* end confdefs.h.  */
| extern "C" void std::exit (int); using std::exit;
| #include <stdlib.h>
| int
| main ()
| {
| exit (42);
|   ;
|   return 0;
| }
configure:5633: g++ -c -g -O2  conftest.cc >&5

configure:5794: g++ -E  conftest.cc
conftest.cc:25:28: error: ac_nonexistent.h: No such file or directory
configure:5800: $? = 1
configure: failed program was:
| /* confdefs.h.  */
| 
| #define PACKAGE_NAME ""
| #define PACKAGE_TARNAME ""
| #define PACKAGE_VERSION ""
| #define PACKAGE_STRING ""
| #define PACKAGE_BUGREPORT ""
| #define PACKAGE "firestarter"
| #define VERSION "1.0.3"
| #define STDC_HEADERS 1
| #define HAVE_SYS_TYPES_H 1
| #define HAVE_SYS_STAT_H 1
| #define HAVE_STDLIB_H 1
| #define HAVE_STRING_H 1
| #define HAVE_MEMORY_H 1
| #define HAVE_STRINGS_H 1
| #define HAVE_INTTYPES_H 1
| #define HAVE_STDINT_H 1
| #define HAVE_UNISTD_H 1
| #define HAVE_DLFCN_H 1
| #ifdef __cplusplus
| extern "C" void exit (int) throw ();
| #endif
| /* end confdefs.h.  */
| #include <ac_nonexistent.h>
configure:5839: result: g++ -E
configure:5863: g++ -E  conftest.cc
configure:5869: $? = 0
configure:5901: g++ -E  conftest.cc
conftest.cc:25:28: error: ac_nonexistent.h: No such file or directory
configure:5907: $? = 1
configure: failed program was:
| /* confdefs.h.  */
| 
| #define PACKAGE_NAME ""
| #define PACKAGE_TARNAME ""
| #define PACKAGE_VERSION ""
| #define PACKAGE_STRING ""
| #define PACKAGE_BUGREPORT ""
| #define PACKAGE "firestarter"
| #define VERSION "1.0.3"
| #define STDC_HEADERS 1
| #define HAVE_SYS_TYPES_H 1
| #define HAVE_SYS_STAT_H 1
| #define HAVE_STDLIB_H 1
| #define HAVE_STRING_H 1
| #define HAVE_MEMORY_H 1
| #define HAVE_STRINGS_H 1
| #define HAVE_INTTYPES_H 1
| #define HAVE_STDINT_H 1
| #define HAVE_UNISTD_H 1
| #define HAVE_DLFCN_H 1
| #ifdef __cplusplus
| extern "C" void exit (int) throw ();
| #endif
| /* end confdefs.h.  */
| #include <ac_nonexistent.h>
configure:6002: checking for g77

configure:15594: f95 -c -g -O2 conftest.f >&5
Warning: conftest.f:1: Illegal preprocessor directive
configure:15597: $? = 0
I don't think i missed any. Sorry for the length, but I included them for completeness.

When I get a chance i will check more thoroughly if I have the correct packages installed and look at the ./configure script to see if I can determine how to point it to the correct place.

Last edited by rbees; 08-14-2008 at 08:39 PM. Reason: credit where credit is due
 
Old 08-15-2008, 12:52 AM   #10
jomen
Senior Member
 
Registered: May 2004
Location: Leipzig/Germany
Distribution: Arch
Posts: 1,687

Rep: Reputation: 54
You will usually need "pkg-config" installed as well as _all_ the development versions of the libraries - the runtime versions are not enough.

"make clean" is for cleaning the source _after_ a compile - so that you can re-configure and then re-make from a known clean state.
If you did not yet configure the source - there is no point in attempting "make clean"
(look at the Makefile for what the different targets do)
 
Old 08-16-2008, 11:12 PM   #11
rbees
Member
 
Registered: Mar 2004
Location: northern michigan usa
Distribution: Debian Squeeze, Whezzy, Jessie
Posts: 871

Original Poster
Rep: Reputation: 43
Thanks jomen,

Writen earlier,

The make clean errror:

make: ++ No rule to make target 'clean'. Stop.


I ran 'apt-get build-dep firestarter' and installed 40 packages. So I guess I may have found the problem.

It seams that I have success. It has run for a few minuets now. I will leave it run untill I have to leave for work, at which time I have to shut it down. This is on my laptop.

I know it is possible to compile it on my laptop for the server. You mentioned making a 'deb' package. Any gotcha's?

Thanks.
------------------

opps

I forgot to uninstall firestarter befor running 'make install' and didn't get a working install somehow. My guess is that it didn't install over the existing version seeing as how they both have the same version number I think. I just did the uninstall and 'make install' thing corectly this time and things seam to be working alright now. Time will tell.

It seams that I didn't get a menu item for firestarer with the 'make install' option. Not that I can't make it run with the Run menu item but a normal menu item would have been nice. Did I do something wrong? Or is that something I have to do manually since I installed form source? Would 'apt-get -b source firestarter' give me the menu item? Of course I would have to make sure that apt-get was reading the patched source file.

Thanks
 
Old 08-17-2008, 02:35 AM   #12
jomen
Senior Member
 
Registered: May 2004
Location: Leipzig/Germany
Distribution: Arch
Posts: 1,687

Rep: Reputation: 54
Quote:
It seams that I didn't get a menu item for firestarer with the 'make install' option. Not that I can't make it run with the Run menu item but a normal menu item would have been nice. Did I do something wrong? Or is that something I have to do manually since I installed form source? Would 'apt-get -b source firestarter' give me the menu item?
You did not do wrong - the menu item is a customization made by your distributor.
Since you circumvented the package manager - the customizations are not installed.
All the files are still there - you just need to do the work yourself.

Or you need to follow the way debian packages are built - so that you have at the end a installable .deb package made by you from patched source.
It is faily easy and involves a few more steps than just building - and you will need to find out how to do that yourself.

Isn't firestarter just a tool to set up iptables rules?
These rules could be saved - and re-used at boot time.
No need for the constant use of a graphical interface. Set and forget. Am I mistaken?
 
Old 08-17-2008, 06:16 AM   #13
rbees
Member
 
Registered: Mar 2004
Location: northern michigan usa
Distribution: Debian Squeeze, Whezzy, Jessie
Posts: 871

Original Poster
Rep: Reputation: 43
Thanks jomen,

Yes Firestarter is just a gui to control iptables. As I think I mentioned at the start of this post I am using it as a stop gap mesure untill I have time to learn and implement Shorewall or some other more effective way to have a firewall on my server/router.

Also I am not a big comand line person and don't use it unless I have to. I must admit that I am better with it than I was a few years ago.

There is another issue that makes firestarter very usefull for me. It is easy to stop and restart. That is important because my internet source comes and goes with my cell phone because it is teathered to the server (or laptop when on the road) either by a hard wire or bluetooth.

I would preferr to use iptables but the learning curve is some what steep and I only have so many hours I can devote to playing with new programs. Maybe when the snow comes and I am stuck inside I will have time.

Report: As of this morning firestarter has not died on my laptop. So it appers that the patch has fixed the issue of it crashing.

Once again

Thanks to all, unSpawn and jomen especially, but even those who may gain insite from my strugles.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
dhcp bug or bug in my head belda Linux - Networking 2 01-26-2008 09:46 AM
LXer: 2008 CES: Bug Labs Introduces BUG, BUGbase. So Cool! LXer Syndicated Linux News 0 01-09-2008 02:21 AM
2038 bug-Is Debian Bug-Proof? deepclutch Debian 1 08-02-2007 11:59 AM
Firefox bug? Fedora 7 bug? or what? hawke Fedora 8 07-22-2007 08:00 PM
Free86 bug or nVidia bug?? ProtoformX Linux - Software 2 05-12-2004 03:38 AM


All times are GMT -5. The time now is 01:33 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration