LinuxQuestions.org - iptables STRING and p2p patch? kernel 2.6.7

- Linux - Software (https://www.linuxquestions.org/questions/linux-software-2/)

- - iptables STRING and p2p patch? kernel 2.6.7 (https://www.linuxquestions.org/questions/linux-software-2/iptables-string-and-p2p-patch-kernel-2-6-7-a-203035/)

iptables STRING and p2p patch? kernel 2.6.7

Hello all.
Yesterday I've installed fresh linux box.

installed kernel 2.6.7 (from source) but it doesn't seem to have ipt STRING match options.
SO i've downloaded iptables-source, and patch-o-matic-ng and olso wanted to try out iptables-p2p.

Then, I tried to just compile iptables
but when I typed make (in /usr/src/iptables) i got:

:/usr/src/iptables# make
Extensions found: IPv4:recent IPv6:ah IPv6:esp IPv6:frag IPv6:ipv6header IPv6:hbh IPv6:dst IPv6:rt
cc -O2 -Wall -Wunused -I/usr/src/linux/include -Iinclude/ -DIPTABLES_VERSION=\"1.2.11\" -D_UNKNOWN_KERNEL_POINTER_SIZE -fPIC -o extensions/libipt_ah_sh.o -c extensions/libipt_ah.c
In file included from include/libiptc/libiptc.h:6,
from include/iptables.h:5,
from extensions/libipt_ah.c:8:
/usr/src/linux/include/linux/netfilter_ipv4/ip_tables.h:255: warning: no semicolon at end of struct or union
/usr/src/linux/include/linux/netfilter_ipv4/ip_tables.h:255: parse error before `*'
/usr/src/linux/include/linux/netfilter_ipv4/ip_tables.h:259: parse error before `}'
/usr/src/linux/include/linux/netfilter_ipv4/ip_tables.h:339: warning: type defaults to `int' in declaration of `DECLARE_MUTEX'
/usr/src/linux/include/linux/netfilter_ipv4/ip_tables.h:339: warning: parameter names (without types) in function declaration
/usr/src/linux/include/linux/netfilter_ipv4/ip_tables.h:339: warning: `DECLARE_MUTEX' declared `static' but never defined
make: *** [extensions/libipt_ah_sh.o] Error 1

nor iptables nor linux-source aren't yet patched.
I just tried to compile iptables.

What could be the problem here?

Any help appreciated, thanks.

Iptables-1.2.11 won't build on a 2.6.7 kernel, I had to install a 2.6.6 kernel (which was a pain as it was patched from 2.6.1) and then build iptables and then reinstall the 2.6.7 kernel. The iptables will work fine with a 2.6.7 kernel, it just won't build from the source. What a nuisance!

You were right Andrew.
Just downlaoded kernel 2.6.6 at iptables compiled, now i met one more problem.
I have patch-o-matic-ng here, and wanted to patch out kernel

while running ./runme dstlimit I got answered if I really sure want to patch the kernel, i chose YES.
But after tryking to make i got tons of errors..

Then I took kernel source 2.6.6 (again, clear) and tried to patch with STRING match support, after running ./runme string i've got only message that all is excelent (seems not to patch?), no messages about asking for applying a patch. And no STRING match appeared in menuconfig.

From google I understood that people are using ipt_string module under kernel 2.6.X.

Maybe I'm doing something wrong?

Fixed kernel 2.6.7 + iptables-1-2-11 bug

Same problem with me, it turned out that gcc has a little pain with some multiple declaration, anyway I was able to fix the problem with a simple walkaround:

I just went to the code and found something like:

(/usr/include/linux/netfilter_ipv4/ip_tables.h)
struct ipt_counters __user *counters;

and changed it with:

struct ipt_counters __user;
struct ipt_counters *counters;

then here:

(/usr/include/linux/netfilter_ipv6/ip6_tables.h)
struct ip6t_counters __user *counters;

and changed it with:

struct ip6t_counters __user;
struct ip6t_counters *counters;

after these trivial modifications all gone well!

Hmm...changing the linux headers in /usr/include might not be the best way to fix this problem. This patch lets iptables compile against a 2.6.7 kernel for me http://ep09.pld-linux.org/~mmazur/li...iptables.patch