LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Slackware (https://www.linuxquestions.org/questions/slackware-14/)
-   -   iptables missing libipt_connbytes.so? (https://www.linuxquestions.org/questions/slackware-14/iptables-missing-libipt_connbytes-so-404532/)

bbeers 01-17-2006 01:07 PM
iptables missing libipt_connbytes.so?
 
So, I'm trying to use iptables on my Slackware 10.2 with
a 2.6.15-rc5 kernel with practically all the iptables modules
built as modules.

Why do I get this output?
code:
Code:
root@alakazam:~# iptables -m connbytes -h
iptables v1.3.3: Couldn't load match
 `connbytes':/usr/lib/iptables/libipt_connbytes.so:
 cannot open shared object file: No such file or directory

Try `iptables -h' or 'iptables --help' for more information.
root@alakazam:~#
Well, I know why I get that output. Why is there no
/usr/lib/iptables/libipt_connbytes.so?

Is iptables package in need of update to work with 2.6.X kernels'
available modules?
I have iptables-1.3.3-i486-1, which is latest from
<http://slackware.it/en/pb/search.php?v=current&t=2&q=libipt_*>.

TIA,

-bbeers

win32sux 01-22-2006 05:14 PM
i would do these things if i were you...

- download the latest kernel source code (2.6.15.1 at the time of this post)...

- double-check that all the netfilter options are properly set and stuff...

- recompile kernel...

- recompile iptables using the latest source code (1.3.4 at the time of this post)...


but having said that, i'm using iptables 1.3.4 and kernel 2.4.33-pre1 and i get the same result as you do, so i doubt it's a 2.6 issue:
Code:
bash-3.00# iptables -m connbytes
iptables v1.3.4: Couldn't load match `connbytes':/usr/lib/iptables/libipt_connbytes.so: cannot open shared object file: No such file or directory

Try `iptables -h' or 'iptables --help' for more information.
bash-3.00# find / -name libipt_connbytes.so
bash-3.00# uname -r
2.4.33-pre1
as you can see, there's no file named libipt_connbytes.so on my box... so i'd assume it's due to an option that was missed during the kernel configuration before the build, but i'm not sure what the connbytes module does, though... could it be that the module's name is misspelled or something like that?? or perhaps it's a module that has been removed from netfilter?? when was the last time you got it to actually work??

win32sux 01-22-2006 05:25 PM
i've found a patch named connbytes in the patch-o-matic repository, so i'm thinking maybe you need to patch before you get the connbytes option??

http://netfilter.org/projects/patch-...xtra-connbytes

bbeers 01-22-2006 06:57 PM
Thanks for confirming my issue.

I think the libipt_* files are built from the iptables
source not kernel source. I can modprobe ipt_connbytes
kernel module, it is the library that is missing.

I guess what I'd like to see is the latest iptables package
from slackware include support for *all* the iptables kernel
modules available in the recent vanilla kernels.

I could compile iptables libraries myself, sure, but doesn't
this seem like an oversight wrt the iptables package?

How would one go about making this kind of request? An e-mail
to PJV, himself? Does he read ths forum? Slackware.com still
lists this as "our favorite Slackware questions forum". :)

--
-bbeers

win32sux 01-22-2006 07:21 PM
Quote:
Originally Posted by bbeers
Thanks for confirming my issue.
you're very welcome...

Quote:
I think the libipt_* files are built from the iptables
source not kernel source. I can modprobe ipt_connbytes
kernel module, it is the library that is missing.
hmmm, i see... well, i can't modprobe ipt_connbytes on my 2.4 box, so i guess it's different on 2.6... i don't have any experience with 2.6, though...

Quote:
I guess what I'd like to see is the latest iptables package
from slackware include support for *all* the iptables kernel
modules available in the recent vanilla kernels.
but wouldn't that affect 2.4 compatibility?? i mean, keeping in mind that while slackware has both 2.4 and 2.6 it needs to keep a delicate balance and stuff... of course when slackware goes completely 2.6 then things will be different...

Quote:
I could compile iptables libraries myself, sure, but doesn't
this seem like an oversight wrt the iptables package?
i'm not sure it's an oversight... but if you know what you need to do in order to get these features when compiling iptables then it's just a matter of editing the build script for iptables on slackware 10.2... you could then post your changes to this thread so that it could help other people who have the same issue as you... i tried looking to see which options one would enable at compile time for iptables but couldn't really find anything relevant... perhaps it's just a matter of rebuilding iptables while running the 2.6 kernel?? :confused:

Quote:
How would one go about making this kind of request? An e-mail
to PJV, himself? Does he read ths forum? Slackware.com still
lists this as "our favorite Slackware questions forum". :)
yes, this kinda thing is usually dealt with by sending him an email, but only after having tested and considered everything about the issue very thoroughly, of course...

win32sux 01-23-2006 12:54 PM
how'd it go with this, bbeers?? did you get it working?? i'm starting to think that if you already have the connbytes functionality in your kernel/modules then it's just a matter of recompiling iptables while running that kernel, cuz i couldn't find anything in the iptables installation that would enable such a thing, but i'm not sure of course... have you tried it?? make sure you try compiling iptables 1.3.4 cuz in the changelog they do mention an issue with connbytes and linux 2.6 which was fixed:
Quote:
Fix compilation of connbytes match with 2.6.14 kernel
http://www.netfilter.org/projects/ip...bles-1.3.4.txt

bbeers 01-25-2006 03:42 PM
Quote:
Originally Posted by win32sux
how'd it go with this, bbeers?? did you get it working?? i'm starting to think that if you already have the connbytes functionality in your kernel/modules then it's just a matter of recompiling iptables while running that kernel, cuz i couldn't find anything in the iptables installation that would enable such a thing, but i'm not sure of course... have you tried it?? make sure you try compiling iptables 1.3.4 cuz in the changelog they do mention an issue with connbytes and linux 2.6 which was fixed: http://www.netfilter.org/projects/ip...bles-1.3.4.txt
I haven't had the time to chase it down any further yet -- been
very busy at work.

I did notice that iptables project has a lot of non-vanilla stuff
-- which I guess will not be in a slackware iptables package
since the kernel is built vanilla.

I just looked at the kernel itptables modules available in the
'testing/packages/linux-2.6.14.6/kernel-modules-2.6.14.6-i486-1'
and connbytes is not there. So I guess I added it when I compiled
my own kernel 2.6.15-rc5. But, still, I think more iptables
modules could be built with vanilla 2.6.X kernel, and so iptables
needs to be built with all corresponding libs.


All times are GMT -5. The time now is 11:47 AM.