Help me.

Help me.

[Ralph Metzler]

Hi,

=?EUC-KR?B?sK29xbHU?= writes:
 > I am trying to port a linux 2.4 to R3000 based system (LSI LOGIC
 > SC2000).
 > SC2000 have caches. one is Two-way set associative or direct mapped
 > Instruction cache (16K) and another is Direct-mapped data cache(8K).


I also spent one or two weeks with Linux on an SC2000 a while ago 
but had to stop due to other more important projects. I also ran 
into problems with the caching. Without caching I got it to boot 
via NFS. Anyway, at least one mistake is in this part:


 > ---------------lsi-cache.S--------------------------------
 > 
 > /* void flush_icache(void) */
 > LEAF(flush_icache)
 >         .set    noreorder
 > 
 >         la      a3, icache_size     # 8Kbyte
 >         lw      t4, 0(a3)
 > 
 >         mfc0    t7, CP0_STATUS          # save SR
 >         nop
 >         nop
 > 
 >         and     t0, t7, ~ST0_IEC        # disable interrupts
 >         mtc0    t0, CP0_STATUS
 >         nop
 >         nop
 > 
 >         li      t3, CBSYS             # BBCC configuration register
 >         lw      t8, 0(t3)               # save config. register
 >         nop
 > 
 >         li      t0, KSEG0
 >         or      t4, t4, t0              # end of I-cache
 > 
 >         move    t5, t0
 > 
 > 2:        la      t0, 3f                  # switch to Kseg1
 >         or      t0, KSEG1
 >         jr      t0
 >         nop
 > 
 > #
 > # flush I-cache set 0
 > #
 > 3:
 >         li      t0, (CFG_DCEN | CFG_ICEN)
 >         or      t0, CFG_CMODE_ITEST     # I-cache set1 enable
 >                                         # D-cache enable, I-cache set0
 > enable
 >                                         # I-cache software test
 >         sw      t0, 0(t3)
 >         lw      zero, 0(t3)
 >         addi    zero, zero, 1
 > 
 >         move    t0, t5
 > 4:      sw      zero, (t0)
 >         nop
 >         lw      zero, (t0)
 >         addu    t0, t6
 >         bltu    t0, t4, 4b
 >         nop


Where does t6 get set?
This bug already is in the LSI sample code.
I think they just copied the loop code from the cache invalidation
functions (where they actually do determine t6 from the cache 
line size) and forgot to adjust it. 


Best regards,
Ralph


-- 
/--------------------------------------------------------------------\
| Dr. Ralph J.K. Metzler         | Convergence integrated media      |
|--------------------------------|-----------------------------------|
| rjkm@convergence.de            | http://www.convergence.de/        |
\--------------------------------------------------------------------/

Help me.

[강신규]

Hi, my name is Shinkyu Kang.

I am trying to port a linux 2.4 to R3000 based system (LSI LOGIC
SC2000).
SC2000 have caches. one is Two-way set associative or direct mapped
Instruction cache (16K) and another is Direct-mapped data cache(8K).

The following show the contents of each RAM(data and tag) cache.

- I-Cache Set 0 or D-Cache Data Ram
31-24(bit) : byte 3
23-16 : byte 2
15-8   : byte 1
7-0 : byte 0

- I-Cache Set 0 or D-Cache Tag Ram
23-5 : Cache Tag ID
4 : Cache Lock bit
3 : High word valid bit
2 : Third word valid bit
1 :  Second word valid bit
0 : Low word valid bit

- I-Cache Set 1 Data Ram
31-0 : Instruction

- I-Cache Set 1 Tag Ram
22-4 : Cache Tag ID
3 : High word valid bit
2 : Third word valid bit
1 : Second word valid bit
0 : Low word valid bit


SC2000 have a BBCC(Basic BIU and Cache Controller) Configuration
Register like following :
31(bit) : MMU enable -> setting this bit enables the full memory
management unit(MMU).
30 : Write buffer enable -> setting this bit enables the write buffer.
29-14 : reserved
13: Data error - the BBCC sets this bit when a bus error ouccurs duringa
data load/store. Clearing this bit acknowledges the error.
12-10 : Page Size -> These bits inform the BBCC of the page size so that
the BBCC can determine if stores are burst write transactions; in
otherwords, if they are consecutive stores to the same page.
---------------
    ps        page size
   0b000    16 words
   0b001    32 words
   0b010    64 words
   0b011    128 words
   0b100    256 words
   0b101    512 words
   0b110    1024 words
   0b111    2048 words
----------------

9-8 : Cache Mode -> These bits determine the Cache mode.
    CM        Cache Mode
------------------
  0b00        Nomal
  0b01        I-Cache Software Test (Data Ram)
  0b10        I-Cache Software Test(Tag Ram)
  0b11        D-Cache Software Test(Tag Ram)
-------------------

7 : Read Priority Enable  -> Setting this bit causes the BBCC to assign
higher priority to loads over stores, whenever possible.
6-5 : D-Cache Block Refill Size  -> These bits specify the D-cache block

refill size
    DRS     Refill Size
-------------------
   0b00       1 word
   0b01       2 words
   0b10       4 words
   0b11       8 words
-------------------

4 : D-Cache Enable  -> setting this bit enable the D-cache

3-2 : I-Cache Block Refill Size -> these bits specifiy the I-cache block

refill size.
  -------------------
   0b00       1 word
   0b01       2 words
   0b10       4 words
   0b11       8 words
-------------------

1 : I-Cache Set 1 Enable -> setting this bit enables the I-cache Set 1.

0 : I-Cache Enable -> setting this bit enables the I-cache.
----------------------------------------------------------------------------




I modify the r2300.c and add a new file (lsi-cache.S) like following :

-------------------r2300.c-------------------------------
static void r3k_flush_icache_range(unsigned long start, unsigned long
end)
{
         flush_icache();
}

void __init ld_mmu_r23000(void)
{
        unsigned long config;

        printk("CPU revision is: %08x\n",
read_32bit_cp0_register(CP0_PRID));

        _clear_page = r3k_clear_page;
        _copy_page = r3k_copy_page;

        r3k_probe_cache();

        _flush_cache_all = r3k_flush_cache_all;
        ___flush_cache_all = r3k_flush_cache_all;
        _flush_cache_mm = r3k_flush_cache_mm;
        _flush_cache_range = r3k_flush_cache_range;
        _flush_cache_page = r3k_flush_cache_page;
        _flush_cache_sigtramp = r3k_flush_cache_sigtramp;
        _flush_page_to_ram = r3k_flush_page_to_ram;
        _flush_icache_page = r3k_flush_icache_page;
        _flush_icache_range = r3k_flush_icache_range;

        _dma_cache_wback_inv = r3k_dma_cache_wback_inv;

        printk("Primary instruction cache %dkb, linesize %d bytes\n",
                (int) (icache_size >> 10), (int) icache_lsize);
        printk("Primary data cache %dkb, linesize %d bytes\n",
                (int) (dcache_size >> 10), (int) dcache_lsize);

        flush_tlb_all();
}
---------------lsi-cache.S--------------------------------

/* void flush_icache(void) */
LEAF(flush_icache)
        .set    noreorder

        la      a3, icache_size     # 8Kbyte
        lw      t4, 0(a3)

        mfc0    t7, CP0_STATUS          # save SR
        nop
        nop

        and     t0, t7, ~ST0_IEC        # disable interrupts
        mtc0    t0, CP0_STATUS
        nop
        nop

        li      t3, CBSYS             # BBCC configuration register
        lw      t8, 0(t3)               # save config. register
        nop

        li      t0, KSEG0
        or      t4, t4, t0              # end of I-cache

        move    t5, t0

2:        la      t0, 3f                  # switch to Kseg1
        or      t0, KSEG1
        jr      t0
        nop

#
# flush I-cache set 0
#
3:
        li      t0, (CFG_DCEN | CFG_ICEN)
        or      t0, CFG_CMODE_ITEST     # I-cache set1 enable
                                        # D-cache enable, I-cache set0
enable
                                        # I-cache software test
        sw      t0, 0(t3)
        lw      zero, 0(t3)
        addi    zero, zero, 1

        move    t0, t5
4:      sw      zero, (t0)
        nop
        lw      zero, (t0)
        addu    t0, t6
        bltu    t0, t4, 4b
        nop

#
# flush I-cache set 1
#
        li      t0, (CFG_DCEN | CFG_ICEN | CFG_IS1EN)
        or      t0, CFG_CMODE_ITEST     # I-cache set1 enable
                                        # D-cache enable, I-cache set0
enable
                                        # I-cache software test
        sw      t0, 0(t3)
        lw      zero, 0(t3)
        addi    zero, zero, 1

        move    t0, t5
5:      sw      zero, (t0)
        nop
        lw      zero, (t0)
        addu    t0, t6
        bltu    t0, t4, 5b
#
# restore status and config. register
#
        sw      t8, 0(t3)               # restore config. register
        lw      zero, 0(t3)
        addi    zero, zero, 1

        mtc0    t7, CP0_STATUS          # restore SR
        nop
        nop

        j       ra
        nop

        .set    reorder
END(flush_icache)
        nop
-----------------------------------------------------------------------

The default setting of CBSYS register is 0xC0000013 (MMU on, Write
buffer on, I, D-Cache on, I cache set 1 on)

-----Question.------------
When I turn off I, D-cache, bash or sash is doing well.
but when I turn on the cache, kernel die during sash or bash is up.

1. Is there more file to modified in kernel ?

2.  Here is a booting message when caches are off.

Starting kernel ...
command line: root=/dev/ram
Loading R[23]000 MMU routines.
CPU Revision Number is: 00002597
Primary instruction cache 8kb, linesize 16 bytes
Primary data cache 8kb, linesize 16 bytes
Linux version 2.4.3 (root@localhost.localdomain) (gcc version 3.0
20010422 (prerelease)) #442 목 6월 28 16 :42:17 EDT 2001
Determined physical RAM map:
 memory: 01000000 @ 00000000 (usable)
Initial ramdisk at: 0x800f6000 (2214364 bytes)
On node 0 totalpages: 4096
zone(0): 4096 pages.
zone(1): 0 pages.
zone(2): 0 pages.
Kernel command line: root=/dev/ram
sc2000 timer init...
Calibrating delay loop... 6.63 BogoMIPS
Memory: 12836k/16384k available (859k kernel code, 3548k reserved, 2226k
data, 56k init)
Dentry-cache hash table entries: 2048 (order: 2, 16384 bytes)
Buffer-cache hash table entries: 1024 (order: 0, 4096 bytes)
Page-cache hash table entries: 4096 (order: 2, 16384 bytes)
Inode-cache hash table entries: 1024 (order: 1, 8192 bytes)
Checking for 'wait' instruction...  unavailable.
POSIX conformance testing by UNIFIX
Linux NET4.0 for Linux 2.4
Based upon Swansea University Computer Society NET3.039
Starting kswapd v1.8
initialize_kbd: Keyboard failed self test
block: queued sectors max/low 8456kB/2818kB, 64 slots per queue
keyboard: Timeout - AT keyboard not present?
keyboard: Timeout - AT keyboard not present?
RAMDISK driver initialized: 16 RAM disks of 8192K size 1024 blocksize
RAMDISK: Compressed image found at block 0
Freeing initrd memory: 2162k freed
loop: loaded (max 8 devices)
Serial driver version 1.00 (2001-02-27)
ttyS00 at 0x0000 (irq = 0) is a LSI UART
VFS: Mounted root (ext2 filesystem).
Freeing prom memory: 0kb freed
Freeing unused kernel memory: 56k freed
<load_elf_binary> start
<load_elf_binary> padzero start
<load_elf_binary> new_pc : 400150, new_sp : 7fff7f80
<do_execve> end
<sys_execve> end
Algorithmics/MIPS FPU Emulator v1.4
Stand-alone shell (version 3.4)
>
----------------------------------------------
Here is a booting message when cache on.

Starting kernel ...
command line: root=/dev/ram
Loading R[23]000 MMU routines.
CPU Revision Number is: 00002597
Primary instruction cache 8kb, linesize 16 bytes
Primary data cache 8kb, linesize 16 bytes
Linux version 2.4.3 (root@localhost.localdomain) (gcc version 3.0
20010422 (prerelease)) #442 목 6월 28 16
:42:17 EDT 2001
Determined physical RAM map:
 memory: 01000000 @ 00000000 (usable)
Initial ramdisk at: 0x800f6000 (2214364 bytes)
On node 0 totalpages: 4096
zone(0): 4096 pages.
zone(1): 0 pages.
zone(2): 0 pages.
Kernel command line: root=/dev/ram
sc2000 timer init...
Calibrating delay loop... 107.72 BogoMIPS
Memory: 12836k/16384k available (859k kernel code, 3548k reserved, 2226k
data, 56k init)
Dentry-cache hash table entries: 2048 (order: 2, 16384 bytes)
Buffer-cache hash table entries: 1024 (order: 0, 4096 bytes)
Page-cache hash table entries: 4096 (order: 2, 16384 bytes)
Inode-cache hash table entries: 1024 (order: 1, 8192 bytes)
Checking for 'wait' instruction...  unavailable.
POSIX conformance testing by UNIFIX
Linux NET4.0 for Linux 2.4
Based upon Swansea University Computer Society NET3.039
Starting kswapd v1.8
initialize_kbd: Keyboard failed self test
block: queued sectors max/low 8456kB/2818kB, 64 slots per queue
keyboard: Timeout - AT keyboard not present?
keyboard: Timeout - AT keyboard not present?
RAMDISK driver initialized: 16 RAM disks of 8192K size 1024 blocksize
RAMDISK: Compressed image found at block 0
Freeing initrd memory: 2162k freed
loop: loaded (max 8 devices)
Serial driver version 1.00 (2001-02-27)
ttyS00 at 0x0000 (irq = 0) is a LSI UART
VFS: Mounted root (ext2 filesystem).
Freeing prom memory: 0kb freed
Freeing unused kernel memory: 56k freed
<load_elf_binary> start
<load_elf_binary> padzero start
<load_elf_binary> new_pc : 400150, new_sp : 7fff7f80
-----------------------------------------------------------------
Please tell me what can I do?


-----------------------------------------------------------------
Best Regards
Shinkyu.

Re: Help me.

[강신규]

Ralph Metzler wrote:

> Hi,
>
> =?EUC-KR?B?sK29xbHU?= writes:
>  > I am trying to port a linux 2.4 to R3000 based system (LSI LOGIC
>  > SC2000).
>  > SC2000 have caches. one is Two-way set associative or direct mapped
>  > Instruction cache (16K) and another is Direct-mapped data cache(8K).
>
> I also spent one or two weeks with Linux on an SC2000 a while ago
> but had to stop due to other more important projects. I also ran
> into problems with the caching. Without caching I got it to boot
> via NFS. Anyway, at least one mistake is in this part:
>
>  > ---------------lsi-cache.S--------------------------------
>  >
>  > /* void flush_icache(void) */
>  > LEAF(flush_icache)
>  >         .set    noreorder
>  >
>  >         la      a3, icache_size     # 8Kbyte
>  >         lw      t4, 0(a3)
>  >
>  >         mfc0    t7, CP0_STATUS          # save SR
>  >         nop
>  >         nop
>  >
>  >         and     t0, t7, ~ST0_IEC        # disable interrupts
>  >         mtc0    t0, CP0_STATUS
>  >         nop
>  >         nop
>  >
>  >         li      t3, CBSYS             # BBCC configuration register
>  >         lw      t8, 0(t3)               # save config. register
>  >         nop
>  >
>  >         li      t0, KSEG0
>  >         or      t4, t4, t0              # end of I-cache
>  >
>  >         move    t5, t0
>  >
>  > 2:        la      t0, 3f                  # switch to Kseg1
>  >         or      t0, KSEG1
>  >         jr      t0
>  >         nop
>  >
>  > #
>  > # flush I-cache set 0
>  > #
>  > 3:
>  >         li      t0, (CFG_DCEN | CFG_ICEN)
>  >         or      t0, CFG_CMODE_ITEST     # I-cache set1 enable
>  >                                         # D-cache enable, I-cache set0
>  > enable
>  >                                         # I-cache software test
>  >         sw      t0, 0(t3)
>  >         lw      zero, 0(t3)
>  >         addi    zero, zero, 1
>  >
>  >         move    t0, t5
>  > 4:      sw      zero, (t0)
>  >         nop
>  >         lw      zero, (t0)
>  >         addu    t0, t6
>  >         bltu    t0, t4, 4b
>  >         nop
>
> Where does t6 get set?
> This bug already is in the LSI sample code.
> I think they just copied the loop code from the cache invalidation
> functions (where they actually do determine t6 from the cache
> line size) and forgot to adjust it.
>
> Best regards,
> Ralph
>
> --
> /--------------------------------------------------------------------\
> | Dr. Ralph J.K. Metzler         | Convergence integrated media      |
> |--------------------------------|-----------------------------------|
> | rjkm@convergence.de            | http://www.convergence.de/        |
> \--------------------------------------------------------------------/

Thank you.

I changed 't6' into '0x4'. but the problem is same.

Regards,
Shinkyu.

Re: Help me.

[강신규]

Ralph Metzler wrote:

> Hi,
>
> =?EUC-KR?B?sK29xbHU?= writes:
>  > I am trying to port a linux 2.4 to R3000 based system (LSI LOGIC
>  > SC2000).
>  > SC2000 have caches. one is Two-way set associative or direct mapped
>  > Instruction cache (16K) and another is Direct-mapped data cache(8K).
>
> I also spent one or two weeks with Linux on an SC2000 a while ago
> but had to stop due to other more important projects. I also ran
> into problems with the caching. Without caching I got it to boot
> via NFS. Anyway, at least one mistake is in this part:
>
>  > ---------------lsi-cache.S--------------------------------
>  >
>  > /* void flush_icache(void) */
>  > LEAF(flush_icache)
>  >         .set    noreorder
>  >
>  >         la      a3, icache_size     # 8Kbyte
>  >         lw      t4, 0(a3)
>  >
>  >         mfc0    t7, CP0_STATUS          # save SR
>  >         nop
>  >         nop
>  >
>  >         and     t0, t7, ~ST0_IEC        # disable interrupts
>  >         mtc0    t0, CP0_STATUS
>  >         nop
>  >         nop
>  >
>  >         li      t3, CBSYS             # BBCC configuration register
>  >         lw      t8, 0(t3)               # save config. register
>  >         nop
>  >
>  >         li      t0, KSEG0
>  >         or      t4, t4, t0              # end of I-cache
>  >
>  >         move    t5, t0
>  >
>  > 2:        la      t0, 3f                  # switch to Kseg1
>  >         or      t0, KSEG1
>  >         jr      t0
>  >         nop
>  >
>  > #
>  > # flush I-cache set 0
>  > #
>  > 3:
>  >         li      t0, (CFG_DCEN | CFG_ICEN)
>  >         or      t0, CFG_CMODE_ITEST     # I-cache set1 enable
>  >                                         # D-cache enable, I-cache set0
>  > enable
>  >                                         # I-cache software test
>  >         sw      t0, 0(t3)
>  >         lw      zero, 0(t3)
>  >         addi    zero, zero, 1
>  >
>  >         move    t0, t5
>  > 4:      sw      zero, (t0)
>  >         nop
>  >         lw      zero, (t0)
>  >         addu    t0, t6
>  >         bltu    t0, t4, 4b
>  >         nop
>
> Where does t6 get set?
> This bug already is in the LSI sample code.
> I think they just copied the loop code from the cache invalidation
> functions (where they actually do determine t6 from the cache
> line size) and forgot to adjust it.
>
> Best regards,
> Ralph
>
> --
> /--------------------------------------------------------------------\
> | Dr. Ralph J.K. Metzler         | Convergence integrated media      |
> |--------------------------------|-----------------------------------|
> | rjkm@convergence.de            | http://www.convergence.de/        |
> \--------------------------------------------------------------------/

Thank you.

I modified the bug. but problem is same.

Regards,
Shinkyu.

help me...

[곽동원]

[-- Attachment #1: Type: text/plain, Size: 646 bytes --]

hi.. i'm king ^^ beginner~

i learn reiserfs berfoer one week...

i have question...

my disk /dev/hda9 filesystem is reiserfs... size 102M, journal size=32M

then free space = 68 M

i'm copy data (100M) .... 

[jellicle@dual reiserfs]$ df           
Filesystem           1k-blocks        Used    Available Use%   Mounted on
/dev/hda5              4538124     3835128      472468      90%  /
/dev/hda2                 54447        18169         33467      36% /boot
/dev/hda9                104380      102384          1996      99% /reiser/fs    <<<------

why free space 1996 not use???

free space 1996... special purpose??

Help me

[cyberyam]

[-- Attachment #1: Type: text/plain, Size: 2911 bytes --]

Hello:
    I program the firewall used the iptable under linux ,The kernel is 2.4.18 ,
I see , the sys_open is call from userspace ,so i convert kernelspace to userspace ,


but failed (The source is atteched ).
I coun't call the system call ,example sys_open ,sys_close, 
The problem is i could't write file ,what can i do ,
 mm_segment_t old_fs =get_fs() ;

    set_fs(new_fs) ;

 fd = sys_open(pathname,O_WRONLY|O_CREAT,S_IRUSR|S_IWUSR);
 printk("fd is [%d]",fd);
 sys_write(fd,"Mail has develope sucesses , ",20) ; 
 sys_close(fd);
 
set_fs(old_fs) ;
 

when the packet is accor ,the machine will panic ,
the error is :

error .... 
kernel panic :Aiee,killing interrupt handler! 
In interrupt handler - not syncing 

    Please help me ,Thank you .
                                                            yours zpeak 
                                                            

/*-----------------------------------------------------------------------------------------------------
 *Atteched the source and the problem 
----------------------------------------------------------------------------------------------------*/
#ifndef __KERNEL__
#define __KERNEL__
#endif
#ifndef MODULE
#define MODULE
#endif

#include <linux/module.h>
#include <linux/skbuff.h>
#include <linux/netdevice.h>
#include <linux/config.h>
#include <linux/ip.h>
#include <linux/tcp.h>
#include <linux/udp.h>
#include <linux/spinlock.h>
#include <asm-i386/segment.h>
#include <asm-i386/uaccess.h>
#include <linux/netfilter_ipv4.h>




static unsigned int myfirewall(unsigned int hooknum,struct sk_buff **skb,
  const struct net_device *in,
  const struct net_device *out,int (*okfn)(struct sk_buff*))
{
 mm_segment_t old_fs =get_fs() ;
 mm_segment_t new_fs =get_ds();
 printk("The old fs is [%lu]\n",old_fs.seg) ;
 printk("The neww fs is [%lu]\n ",new_fs.seg) ;

/* I found the old_fs and  new_fs is in the same address  
  * But in other module is different ,why,can you tell me 
*/ 
 
 
 int fd = 0;
 char pathname[50] ="/test/log/8.mail" ;

set_fs(new_fs) ;

 fd = sys_open(pathname,O_WRONLY|O_CREAT,S_IRUSR|S_IWUSR);
 printk("fd is [%d]",fd);
 sys_write(fd,"Mail has develope sucesses , ",20) ; 
 sys_close(fd);
 
set_fs(old_fs) ;
 
 
 return NF_ACCEPT;

}

static struct nf_hook_ops iplimitfilter=
{
 {NULL,NULL},
 myfirewall,
 PF_INET,
 NF_IP_PRE_ROUTING,
 NF_IP_PRI_FILTER
};

int init_module(void)
{
 mm_segment_t old_fs =get_fs() ;
 mm_segment_t new_fs =get_ds();
 printk("The** old fs is [%lu]\n",old_fs.seg) ;
 printk("The** neww fs is [%lu]\n ",new_fs.seg) ;
 return nf_register_hook(&iplimitfilter);
}

void cleanup_module(void)
{
 nf_unregister_hook(&iplimitfilter);
}

------------------------------------------------------------
gcc -D__KERNEL__ -WALL -I /usr/src/linux.2.4.18/include  myfirewall.c 

[-- Attachment #2: Type: text/html, Size: 6237 bytes --]

Help Me

[Pham Dinh Hieu]

[-- Attachment #1: Type: text/plain, Size: 2498 bytes --]

Dear All,
I want to install iptables-1.2.7a but I have a trouble as compile it.
The system displays the following message 

[root@fw iptables-1.2.7a]# make KERNEL_DIR=/home/test/linux-2.4.17
Making dependencies: please wait...
Extensions found:
cc -O2 -Wall -Wunused -I/home/user/linux-2.4.17/include -Iinclude/ -DIPTABLES_VERSION=\"1.2.7a\"  -fPIC -o\
extensions/libipt_ah_sh.o -c extensions/libipt_ah.c
ld -shared -o extensions/libipt_ah.so extensions/libipt_ah_sh.o
cc -O2 -Wall -Wunused -I/home/user/linux-2.4.17/include -Iinclude/ -DIPTABLES_VERSION=\"1.2.7a\"  -fPIC -o\
extensions/libipt_conntrack_sh.o -c extensions/libipt_conntrack.c
In file included from extensions/libipt_conntrack.c:15:
include/linux/netfilter_ipv4/ipt_conntrack.h:28: `IP_CT_DIR_MAX' undeclared here (not in a function)
include/linux/netfilter_ipv4/ipt_conntrack.h:29: `IP_CT_DIR_MAX' undeclared here (not in a function)
include/linux/netfilter_ipv4/ipt_conntrack.h:29: `IP_CT_DIR_MAX' undeclared here (not in a function)
extensions/libipt_conntrack.c: In function `parse_status':
extensions/libipt_conntrack.c:103: `IPS_EXPECTED' undeclared (first use in this function)
extensions/libipt_conntrack.c:103: (Each undeclared identifier is reported only once
extensions/libipt_conntrack.c:103: for each function it appears in.)
extensions/libipt_conntrack.c:105: `IPS_SEEN_REPLY' undeclared (first use in this function)
extensions/libipt_conntrack.c:107: `IPS_ASSURED' undeclared (first use in this function)
extensions/libipt_conntrack.c: In function `parse':
extensions/libipt_conntrack.c:202: `IP_CT_DIR_ORIGINAL' undeclared (first use in this function)
extensions/libipt_conntrack.c:259: `IP_CT_DIR_REPLY' undeclared (first use in this function)
extensions/libipt_conntrack.c: In function `print_status':
extensions/libipt_conntrack.c:364: `IPS_EXPECTED' undeclared (first use in this function)
extensions/libipt_conntrack.c:368: `IPS_SEEN_REPLY' undeclared (first use in this function)
extensions/libipt_conntrack.c:372: `IPS_ASSURED' undeclared (first use in this function)
extensions/libipt_conntrack.c: In function `matchinfo_print':
extensions/libipt_conntrack.c:420: `IP_CT_DIR_ORIGINAL' undeclared (first use in this function)
extensions/libipt_conntrack.c:440: `IP_CT_DIR_REPLY' undeclared (first use in this function)
make: *** [extensions/libipt_conntrack_sh.o] Error 1


Please help me to install iptables on Redhat Linux 7.3 or 8.0 
Thanks.

Best Regards

DunHill

[-- Attachment #2: Type: text/html, Size: 3377 bytes --]

RE: Help Me

[George Vieira]

[-- Attachment #1: Type: text/plain, Size: 3346 bytes --]

My advice:
 
1. Download a new kernel source (don't use RedHat's source)
2. Place it in /usr/src/linux-2.4.xx  and then use    ln -s /usr/src/linux.2.4.xx /usr/src/linux
3. Compile iptables against the new kernel (make clean && make)
 
It's easier when you have fresh source code and easier when it's time to patch other stuff in..

Thanks,

 
____________________________________________
George Vieira
Citadel Computer Systems Pty Ltd Systems Manager georgev AT citadelcomputer DOT com DOT au 
Citadel Computer Systems Pty Ltd
Phone : +61 2 9955 2644 HelpDesk: +61 2 9955 2698  <http://www.citadelcomputer.com.au/> http://www.citadelcomputer.com.au
 
 
-----Original Message-----
From: Pham Dinh Hieu [mailto:pdhieu@saigontel.com]
Sent: Tuesday, June 10, 2003 4:31 PM
To: netfilter@lists.samba.org
Subject: Help Me


Dear All,
I want to install iptables-1.2.7a but I have a trouble as compile it.
The system displays the following message 
 
[ root@fw iptables-1.2.7a]# make KERNEL_DIR=/home/test/linux-2.4.17
Making dependencies: please wait...
Extensions found:
cc -O2 -Wall -Wunused -I/home/user/linux-2.4.17/include -Iinclude/ -DIPTABLES_VERSION=\"1.2.7a\"  -fPIC -o\
extensions/libipt_ah_sh.o -c extensions/libipt_ah.c
ld -shared -o extensions/libipt_ah.so extensions/libipt_ah_sh.o
cc -O2 -Wall -Wunused -I/home/user/linux-2.4.17/include -Iinclude/ -DIPTABLES_VERSION=\"1.2.7a\"  -fPIC -o\
extensions/libipt_conntrack_sh.o -c extensions/libipt_conntrack.c
In file included from extensions/libipt_conntrack.c:15:
include/linux/netfilter_ipv4/ipt_conntrack.h:28: `IP_CT_DIR_MAX' undeclared here (not in a function)
include/linux/netfilter_ipv4/ipt_conntrack.h:29: `IP_CT_DIR_MAX' undeclared here (not in a function)
include/linux/netfilter_ipv4/ipt_conntrack.h:29: `IP_CT_DIR_MAX' undeclared here (not in a function)
extensions/libipt_conntrack.c: In function `parse_status':
extensions/libipt_conntrack.c:103: `IPS_EXPECTED' undeclared (first use in this function)
extensions/libipt_conntrack.c:103: (Each undeclared identifier is reported only once
extensions/libipt_conntrack.c:103: for each function it appears in.)
extensions/libipt_conntrack.c:105: `IPS_SEEN_REPLY' undeclared (first use in this function)
extensions/libipt_conntrack.c:107: `IPS_ASSURED' undeclared (first use in this function)
extensions/libipt_conntrack.c: In function `parse':
extensions/libipt_conntrack.c:202: `IP_CT_DIR_ORIGINAL' undeclared (first use in this function)
extensions/libipt_conntrack.c:259: `IP_CT_DIR_REPLY' undeclared (first use in this function)
extensions/libipt_conntrack.c: In function `print_status':
extensions/libipt_conntrack.c:364: `IPS_EXPECTED' undeclared (first use in this function)
extensions/libipt_conntrack.c:368: `IPS_SEEN_REPLY' undeclared (first use in this function)
extensions/libipt_conntrack.c:372: `IPS_ASSURED' undeclared (first use in this function)
extensions/libipt_conntrack.c: In function `matchinfo_print':
extensions/libipt_conntrack.c:420: `IP_CT_DIR_ORIGINAL' undeclared (first use in this function)
extensions/libipt_conntrack.c:440: `IP_CT_DIR_REPLY' undeclared (first use in this function)
make: *** [extensions/libipt_conntrack_sh.o] Error 1

 
Please help me to install iptables on Redhat Linux 7.3 or 8.0 
Thanks.
 
Best Regards
 
DunHill

[-- Attachment #2: Type: text/html, Size: 7421 bytes --]

Re: help me

[Vitaliy Pronkin]

I just installed libs and utils ver 2.7.. But getting the same output
from hcidump:

# hcidump
HCIDump - HCI packet analyzer ver 1.8
device: hci0 snap_len: 1028 filter: 0xffffffff
> HCI Event: Connect Request(0x04) plen 10
< HCI Command: Accept Connection Request(0x01|0x0009) plen 7
> HCI Event: Command Status(0x0f) plen 4
> HCI Event: Role Change(0x12) plen 8
> HCI Event: Connect Complete(0x03) plen 11
< HCI Command: Change Connection Packet Type(0x01|0x000f) plen 4
> HCI Event: Page Scan Repetition Mode Change(0x20) plen 7
> HCI Event: Command Status(0x0f) plen 4
> HCI Event: Connection Packet Type Changed(0x1d) plen 5
> HCI Event: Max Slots Change(0x1b) plen 3
> ACL data: handle 0x002a flags 0x02 dlen 12
    L2CAP(s): Connect req: psm 1 scid 0x0045
< ACL data: handle 0x002a flags 0x02 dlen 16
    L2CAP(s): Connect rsp: dcid 0x0040 scid 0x0045 result 0 status 0
> HCI Event: Number of Completed Packets(0x13) plen 5
> ACL data: handle 0x002a flags 0x02 dlen 20
    L2CAP(s): Config req: dcid 0x0040 flags 0x0000 clen 8
    MTU 512 FlushTO 65535
< ACL data: handle 0x002a flags 0x02 dlen 14
    L2CAP(s): Config rsp: scid 0x0045 flags 0x0000 result 0 clen 0
< ACL data: handle 0x002a flags 0x02 dlen 12
    L2CAP(s): Config req: dcid 0x0045 flags 0x0000 clen 0
> HCI Event: Number of Completed Packets(0x13) plen 5
> HCI Event: Number of Completed Packets(0x13) plen 5
> ACL data: handle 0x002a flags 0x02 dlen 14
    L2CAP(s): Config rsp: scid 0x0040 flags 0x0000 result 0 clen 0
> ACL data: handle 0x002a flags 0x02 dlen 17
    L2CAP(d): cid 0x40 len 13 [psm 1]
        SDP SS Req: tid 0x0 len 0x8
          pat uuid-16 0x1002 (PubBrwsGrp)
          max 0x14
          cont 00
> ACL data: handle 0x002a flags 0x02 dlen 12
    L2CAP(s): Disconn req: dcid 0x0040 scid 0x0045
< ACL data: handle 0x002a flags 0x02 dlen 12
    L2CAP(s): Disconn rsp: dcid 0x0040 scid 0x0045
> HCI Event: Number of Completed Packets(0x13) plen 5
> ACL data: handle 0x002a flags 0x02 dlen 12
    L2CAP(s): Connect req: psm 1 scid 0x0046
< ACL data: handle 0x002a flags 0x02 dlen 16
    L2CAP(s): Connect rsp: dcid 0x0040 scid 0x0046 result 0 status 0
> HCI Event: Number of Completed Packets(0x13) plen 5
> ACL data: handle 0x002a flags 0x02 dlen 20
    L2CAP(s): Config req: dcid 0x0040 flags 0x0000 clen 8
    MTU 512 FlushTO 65535
< ACL data: handle 0x002a flags 0x02 dlen 14
    L2CAP(s): Config rsp: scid 0x0046 flags 0x0000 result 0 clen 0
< ACL data: handle 0x002a flags 0x02 dlen 12
    L2CAP(s): Config req: dcid 0x0046 flags 0x0000 clen 0
> HCI Event: Number of Completed Packets(0x13) plen 5
> HCI Event: Number of Completed Packets(0x13) plen 5
> ACL data: handle 0x002a flags 0x02 dlen 14
    L2CAP(s): Config rsp: scid 0x0040 flags 0x0000 result 0 clen 0
> ACL data: handle 0x002a flags 0x02 dlen 17
    L2CAP(d): cid 0x40 len 13 [psm 1]
        SDP SS Req: tid 0x0 len 0x8
          pat uuid-16 0x1002 (PubBrwsGrp)
          max 0x14
          cont 00
> ACL data: handle 0x002a flags 0x02 dlen 12
    L2CAP(s): Disconn req: dcid 0x0040 scid 0x0046
< ACL data: handle 0x002a flags 0x02 dlen 12
    L2CAP(s): Disconn rsp: dcid 0x0040 scid 0x0046
> HCI Event: Number of Completed Packets(0x13) plen 5
> HCI Event: Disconn Complete(0x05) plen 4


My laptop is on standard Intel Pentium M processor.
What more info may help you?

Regards,
Vitaliy

HELP ME

[Marcel Bogdan]

  
REPLY ONLY TO: marcelbogdan@handbag.com
DEAR FRIEND 
I AM MARCEL BOGDAN,I AM 56 YEARS 
OLD.I AM A CITIZEN OF ROMANIA, BUT I AM RESIDENT IN SOUTH AFRICA. 

I WAS BORN AN ORPHAN AND GOD BLESSED ME ABUNDANTLY.BUT I AM NOT A HAPPY MAN.I HAVE 
NO WIFE AND I HAVE NO CHILDREN. AS AT NOW I AM  SERIOUSLY SICK. I JUST CAME OUT OF 
THE HOSPITAL BACK TO MY HOME . I AM  SUFFERING FROM LUNG CANCER AND I HAD PATIAL 
STROKE WHICH HAS AFFECTED MY SPEACH. I CAN NO LONGER TALK.AND HALF OF MY BODY IS 
PARALYSED. THE DOCTORS SAY I HAVE ABOUT 2 MOUNTHS TO LIVE. I SEND THIS EMAIL TO 
YOU  WITH THE HELP OF MY PRIVATE MALE NURSE WHO IS TYPING MY REQUEST. 

I HAVE LITTLE TIME SO I HAVE COMMITTED IT TO SPREADING MY WEALTH  TOWARDS BETTER 
HEALTH CARE FOR MANKIND.IN THE HOSPITAL WHERE I AM ,I  HAVE GIVEN THE MANAGEMENT 
US$15 MILLION TO UPGRADE AND BUILD A NEW  CANCER RESEACH FACILITY.I HAVE ALSO MADE 
SOME CASH DONATIONS TO  ORPHANAGE CHILDREN HOMES IN SOMALIA,ETHIOPIA,SUDAN,AND 
SOME IN SOUTH AFRICA. I HAVE SUCCEDED IN SPREADING MY LIQUID CASH TOWARDS WELL 
DESERVED MEANS. MY SOUL IS HAPPY. 

WHAT I AM DOING GIVES ME JOY.I AM NOW SHARING MY PROPERTIES AND 
VALUABLES.I DONT KNOW YOU, BUT I AM CONTACTING YOU WITH THE HOPE THAT YOU WILL 
CARRY OUT MY WISH FOR THE SAKE OF HUMANITY. I HAVE 8 MILLION DOLLARS (USD ) 
DEPOSITED WITH A DIPLOMATIC COURIER COMPANY IN EUROPE. I WANT YOU TO TAKE CUSTODY 
OF  THE 8 MILLION DOLLARS (USD ) AND USE IT TO BUILD AND OPERATE(YOU COULD LOOK 
FOR SOMEONE TO OPERATE IT IF YOU ARE UNABLE TO) AN ORPHANAGE IN YOUR COUNTRY.YOU 
WILL NAME THE ORPHANAGE MARCEL BOGDAN ORPHANAGE HOME. YOU MUST FOLLOW MY WISH FOR 
IT WILL GLADEN MY  HEART. 

IF YOU ARE READY TO DO THIS AND CARRYOUT MY WISH, THEN SEND ME 
[1]YOUR NAMES, 
[2]YOUR PHONE AND FAX NUMBER, 
[3]YOUR RESIDENTIAL ADDRESS, 
MY LAWYER WILL BE IN CONTACT WITH YOU.MAY GOD GUIDE US. 
SEND YOUR REPLY ALONG WITH YOUR PERSONAL DETAILS ONLY TO THE EMAIL 
ADDRESS BELOW : marcelbogdan@handbag.com
I AWAIT YOUR REPLY. 
MY WARM GREETINGS 
MARCEL BOGDAN 

Help Me

[Umar Draz]

i want help about kernel recompile

thanks

Umar Draz

_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today it's FREE! 
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/

Re: Help Me

[DervishD]

    Hi Umar

 * Umar Draz <kernel_org@hotmail.com> dixit:
> i want help about kernel recompile

    You don't specify your kernel version, nor your architecture,
distribution (if any), if you have already tried the documentation,
if you have already compiled a kernel (since you talk about
recompiling), etc.

    A single tense is not enough to get help ;)

    Raúl Núñez de Arenas Coronado

-- 
Linux Registered User 88736
http://www.dervishd.net & http://www.pleyades.net/

help me

[umar draz]

hi dear members!

  i have one interface card in my linux machine <eth0>

  now i attache DSL modem with this interface now i
want block all incoming traffic.

but i want i can access every thing.

how i can do it

regards

Umar Draz

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

Re: help me

[Christoph Georgi]

make the default policy of the incoming chain (input) drop, but allow 
established and related traffic, and allow all outgoing traffic by 
setting the default policy to allow for the output chain (although it's 
adviced to specify the outgoing traffic further..)

# drops all traffic
$IPTABLES -P INPUT DROP
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -P FORWARD DROP

# allow established an related incoming traffic
$IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT


christoph


umar draz wrote:
> hi dear members!
> 
>   i have one interface card in my linux machine <eth0>
> 
>   now i attache DSL modem with this interface now i
> want block all incoming traffic.
> 
> but i want i can access every thing.
> 
> how i can do it
> 
> regards
> 
> Umar Draz
> 
> __________________________________________________
> Do You Yahoo!?
> Tired of spam?  Yahoo! Mail has the best spam protection around 
> http://mail.yahoo.com 
> 
> 

-- 


Christoph Georgi
-----------------------------
email.  christoph.georgi@web.de
fon.	+64 (0)9 815 8259

registered linux user #380268
ubuntu 5.04 (ubuntu.com)

Re: help me

[/dev/rob0]

On Monday 04 July 2005 05:47, Christoph Georgi wrote:
> make the default policy of the incoming chain (input) drop, but allow
> established and related traffic, and allow all outgoing traffic by
> setting the default policy to allow for the output chain (although
> it's adviced to specify the outgoing traffic further..)

Why, and by whom, is that advised?

> umar draz wrote:
> > [snip]
> > how i can do it

All this is clearly described in the Packet Filtering HOWTO. Or you can 
use one of many ready-made scripts without bothering to learn how 
firewalls work.
-- 
    mail to this address is discarded unless "/dev/rob0"
    or "not-spam" is in Subject: header

help me

[bash]

 Hello All,

I wanna dynamically block some ip's that load my router with --state NEW
packets (usually it's generated by very aggressive NetLook win
program). But there is a problem -m limit will block all my router's
user, and I wanna block just one ip :/

-- 
Biomechanica Artificial Sabotage Humanoid

Re: help me

[John A. Sullivan III]

On Wed, 2006-03-29 at 04:19 +0400, bash wrote:
>  Hello All,
> 
> I wanna dynamically block some ip's that load my router with --state NEW
> packets (usually it's generated by very aggressive NetLook win
> program). But there is a problem -m limit will block all my router's
> user, and I wanna block just one ip :/
I'm not entirely sure of what you want to do.  Why can you not match
source? If you want, match the one IP and send all traffic for that IP
to a user defined chain, e.g., :
iptables -A FORWARD -s 10.1.1.100 -j SpecialChain
iptables -A SpecialChain -j DOWHATEVERYOUWANT

If it is that you want to exempt certain addresses, send all the packets
to a user defined chain and return the exemptions, e.g., 

iptables -A FORWARD -j LimitChain
iptables -A LimitChain -m iprange --src-range 10.1.1.70-10.1.1.223 -j
RETURN
iptables -A LimitChain -j LOG, DROP, LIMIT, WHATEVERYOUWANTTODO
-- 
John A. Sullivan III
Open Source Development Corporation
+1 207-985-7880
jsullivan@opensourcedevel.com

If you would like to participate in the development of an open source
enterprise class network security management system, please visit
http://iscs.sourceforge.net

Re: help me

[bash]

On Tue, 28 Mar 2006 20:50:51 -0500
"John A. Sullivan III" <jsullivan@opensourcedevel.com> wrote:

> On Wed, 2006-03-29 at 04:19 +0400, bash wrote:
> >  Hello All,
> > 
> > I wanna dynamically block some ip's that load my router with --state NEW
> > packets (usually it's generated by very aggressive NetLook win
> > program). But there is a problem -m limit will block all my router's
> > user, and I wanna block just one ip :/
> I'm not entirely sure of what you want to do.  Why can you not match
> source? If you want, match the one IP and send all traffic for that IP
> to a user defined chain, e.g., :
> iptables -A FORWARD -s 10.1.1.100 -j SpecialChain
> iptables -A SpecialChain -j DOWHATEVERYOUWANT
> 
> If it is that you want to exempt certain addresses, send all the packets
> to a user defined chain and return the exemptions, e.g., 
> 
> iptables -A FORWARD -j LimitChain
> iptables -A LimitChain -m iprange --src-range 10.1.1.70-10.1.1.223 -j
> RETURN
> iptables -A LimitChain -j LOG, DROP, LIMIT, WHATEVERYOUWANTTODO

The problem is that I don't know IP of this machine.... And anyone in
my net can run NetLook program... So i want that - if some-one in my net
exceed limit then iptables will block this ip dynamically.... 

-- 
Biomechanica Artificial Sabotage Humanoid

Re: help me (nfcan: addressed to exclusive sender for this address)

[Jim Laurino]

On 2006.03.28 22:29, bash - 0x62ash@gmail.com wrote:
> On Tue, 28 Mar 2006 20:50:51 -0500
> "John A. Sullivan III" <jsullivan@opensourcedevel.com> wrote:
> 
> > On Wed, 2006-03-29 at 04:19 +0400, bash wrote:
> > >  Hello All,
> > >
> > > I wanna dynamically block some ip's that load my router with --state NEW
> > > packets (usually it's generated by very aggressive NetLook win
> > > program). But there is a problem -m limit will block all my router's
> > > user, and I wanna block just one ip :/
> > I'm not entirely sure of what you want to do.  Why can you not match
> > source? If you want, match the one IP and send all traffic for that IP
> > to a user defined chain, e.g., :
> > iptables -A FORWARD -s 10.1.1.100 -j SpecialChain
> > iptables -A SpecialChain -j DOWHATEVERYOUWANT
> >
> > If it is that you want to exempt certain addresses, send all the packets
> > to a user defined chain and return the exemptions, e.g.,
> >
> > iptables -A FORWARD -j LimitChain
> > iptables -A LimitChain -m iprange --src-range 10.1.1.70-10.1.1.223 -j
> > RETURN
> > iptables -A LimitChain -j LOG, DROP, LIMIT, WHATEVERYOUWANTTODO
> 
> The problem is that I don't know IP of this machine.... And anyone in
> my net can run NetLook program... So i want that - if some-one in my net
> exceed limit then iptables will block this ip dynamically....

I am not an expert on this,
but for what it is worth:

Perhaps the rules used to detect
and limit brute force ssh attacks
could be adapted to your need.

Does NetLook have a predictable pattern?

You can find out about the ssh blocking rules
if you search the archives for 'brute force'.

Hope that helps.

-- 
Jim Laurino
nfcan.x.jimlaur@dfgh.net
Please reply to the list.
Only mail from the listserver reaches this address.

Re: help me (nfcan: addressed to exclusive sender for this address)

[bash]

On Tue, 28 Mar 2006 23:22:26 -0500
Jim Laurino <nfcan.x.jimlaur@dfgh.net> wrote:

> I am not an expert on this,
> but for what it is worth:
> 
> Perhaps the rules used to detect
> and limit brute force ssh attacks
> could be adapted to your need.

You are talking about "recent" module... I don't know how I can use
it in my situation....
 
> Does NetLook have a predictable pattern?

Forget about NetLook...

My criteria for blocking is:
if rate of SYN packages from ONE source IP is greater then 3packets/sec
=> then block this IP

And i can't add rule "-m limit" per all source IP in my net,
because my net is big (~255^3)....

> You can find out about the ssh blocking rules
> if you search the archives for 'brute force'.
> 
> Hope that helps.



-- 
Biomechanica Artificial Sabotage Humanoid

RE: help me (nfcan: addressed to exclusive sender for this address)

[Rob Sterenborg]

>> I am not an expert on this,
>> but for what it is worth:
>> 
>> Perhaps the rules used to detect
>> and limit brute force ssh attacks
>> could be adapted to your need.
> 
> You are talking about "recent" module... I don't know how I can use
> it in my situation.... 
> 
>> Does NetLook have a predictable pattern?
> 
> Forget about NetLook...
> 
> My criteria for blocking is:
> if rate of SYN packages from ONE source IP is greater then
> 3packets/sec => then block this IP
> 
> And i can't add rule "-m limit" per all source IP in my net,
> because my net is big (~255^3)....

Wouldn't that look something like :

$ipt -A [INPUT|FORWARD] -i $IF_LAN -m state --state NEW -s $LAN_NET \
  -p tcp --syn -m limit --limit 3/sec -j ACCEPT

This would match NEW packets on your LAN interface with SYN set, coming
from any of your LAN IP's and not allowing more than 3 of these per
second. Of course, you'd also need a rule like this to allow the
complete connection :

$ipt -A [INPUT|FORWARD] -m state --state RELATED,ESTABLISHED -j ACCEPT

Or am I missing something ?


Gr,
Rob

Re: help me (nfcan: addressed to exclusive sender for this address)

[bash]

On Wed, 29 Mar 2006 20:28:53 +0200
"Rob Sterenborg" <rob@sterenborg.info> wrote:

> >> I am not an expert on this,
> >> but for what it is worth:
> >> 
> >> Perhaps the rules used to detect
> >> and limit brute force ssh attacks
> >> could be adapted to your need.
> > 
> > You are talking about "recent" module... I don't know how I can use
> > it in my situation.... 
> > 
> >> Does NetLook have a predictable pattern?
> > 
> > Forget about NetLook...
> > 
> > My criteria for blocking is:
> > if rate of SYN packages from ONE source IP is greater then
> > 3packets/sec => then block this IP
> > 
> > And i can't add rule "-m limit" per all source IP in my net,
> > because my net is big (~255^3)....
> 
> Wouldn't that look something like :
> 
> $ipt -A [INPUT|FORWARD] -i $IF_LAN -m state --state NEW -s $LAN_NET \
>   -p tcp --syn -m limit --limit 3/sec -j ACCEPT

If just ONE host from my $LAN_NET will exceed this limit, then ALL
hosts in $LAN_NET will not able to start new session... and this is
bad. I want to limit 3/sec per host, not for all net....

> This would match NEW packets on your LAN interface with SYN set, coming
> from any of your LAN IP's and not allowing more than 3 of these per
> second. Of course, you'd also need a rule like this to allow the
> complete connection :
> 
> $ipt -A [INPUT|FORWARD] -m state --state RELATED,ESTABLISHED -j ACCEPT
> 
> Or am I missing something ?
> 
> 
> Gr,
> Rob
> 
> 


-- 
Biomechanica Artificial Sabotage Humanoid

RE: help me (nfcan: addressed to exclusive sender for this address)

[Rob Sterenborg]

>> $ipt -A [INPUT|FORWARD] -i $IF_LAN -m state --state NEW -s $LAN_NET \
>>   -p tcp --syn -m limit --limit 3/sec -j ACCEPT
> 
> If just ONE host from my $LAN_NET will exceed this limit, then ALL
> hosts in $LAN_NET will not able to start new session... and this is
> bad. I want to limit 3/sec per host, not for all net....

Yes.. :-\
Maybe this post is of help then.
http://www.linux-noob.com/forums/index.php?showtopic=1829


Gr,
Rob

Re: help me (nfcan: addressed to exclusive sender for this address)

[bash]

On Thu, 30 Mar 2006 07:45:01 +0200
"Rob Sterenborg" <rob@sterenborg.info> wrote:

> >> $ipt -A [INPUT|FORWARD] -i $IF_LAN -m state --state NEW -s $LAN_NET \
> >>   -p tcp --syn -m limit --limit 3/sec -j ACCEPT
> > 
> > If just ONE host from my $LAN_NET will exceed this limit, then ALL
> > hosts in $LAN_NET will not able to start new session... and this is
> > bad. I want to limit 3/sec per host, not for all net....
> 
> Yes.. :-\
> Maybe this post is of help then.
> http://www.linux-noob.com/forums/index.php?showtopic=1829

I saw it... "-m recent" has only 1 second sampling... i cant handle
situaton of 3/sec and etc.....

I found "-m dstlimit" module which is handy, *but* for my situation i
wanna the same but with limit the packet rate on a per SOURCE ip....
inverted dstlimit :)

Any ideads? :/

-- 
Biomechanica Artificial Sabotage Humanoid

help me

[abdul hafeez]

[-- Attachment #1: Type: text/html, Size: 845 bytes --]

help me

[ahmed nabel]

hello

I have successfuly installed the Linux on my 6340 iPAQ, following the 
instructions on:

http://aragorn.kortex.jyu.fi:8080/h6300/H6300_Boot.html

and its very cool. Thank you all.

However I have two problems:

1. The phone can not work. When I try to modify the buttons settings, so 
that i choose one of them for the phone, i can not see the phone as an 
option in the list available... However, the system info reads the device 
correctly as h6300 series...

2. I can not shut down the device. The power button does not work and the 
suspend option in the start menu causes the the system to halt and make a 
loud noies, so then I have to hardware reset the device, which goes back to 
WinCe

Please note that I have followed your installation instructions as they 
were, however I only canceled the TCP/IP connection part through the cardle 
because I thought I would not need it. I wonder if that is the problem?

Thank you in advance for your time and efforts.

Yours.

_________________________________________________________________
Get free, personalized commercial-free online radio with MSN Radio powered 
by Pandora http://radio.msn.com/?icid=T002MSN03A07001

_______________________________________________
The Familiar Linux Distribution
Familiar mailing list
Familiar@handhelds.org
https://handhelds.org/mailman/listinfo/familiar
irc://irc.freenode.net #familiar

Help me

[Debasree Mallick]

Hi,
When i try to run this command
mtn --db=OE.mtn co -b org.openembedded.dev
It givs a error..Error is

mtn: misuse: layout of database /stuff/OE.mtn doesn't match this version
of monotone
mtn: misuse: wanted schema ae196843d368d042f475e3dadfed11e9d7f9f01e, got
48fd5d84f1e5a949ca093e87e5ac558da6e5956d
mtn: misuse: try 'mtn db migrate' to upgrade
mtn: misuse: (this is irreversible; you may want to make a backup copy
first)

I am using Fedora5...
Please help me to solve this problem..
Thanks
Debasree

Re: Help me

[Matthew Palmer]

[For your own benefit, I'd suggest a better choice of subject line in future]

On Thu, Jan 04, 2007 at 03:21:57PM +0900, Debasree Mallick wrote:
> Hi,
> When i try to run this command
> mtn --db=OE.mtn co -b org.openembedded.dev
> It givs a error..Error is
> 
> mtn: misuse: layout of database /stuff/OE.mtn doesn't match this version
> of monotone

You're running a newer version of monotone than the version which was used
to create the database.  If you just want to get the source, and don't have
commit access, I've found that:

> mtn: misuse: try 'mtn db migrate' to upgrade

Does a nice job of making everything work again (I'm using mtn 0.32).

I've got no idea if things will still work properly if you're pushing
changes back to trunk, since I'm not So Blessed.

- Matt

-- 
I don't do veggies if I can help it.			-- stevo
If you could see your colon, you'd be horrified.	-- Iain Broadfoot
If he could see his colon, he'd be management.		-- David Scheidt

Re: Help me

[Debasree Mallick]

Hi,
monotone has installed..
But when i try to run bitbake nano command
it shows some error at the end..
Errors r
ERROR: TaskFailed event exception, aborting
NOTE: package fakeroot-native-1.2.13: failed
ERROR: Build of nano failed

If u can then please help me out...
Thanks
Debasree

On 1/4/07, Matthew Palmer <mpalmer@hezmatt.org> wrote:
>
> [For your own benefit, I'd suggest a better choice of subject line in
> future]
>
> On Thu, Jan 04, 2007 at 03:21:57PM +0900, Debasree Mallick wrote:
> > Hi,
> > When i try to run this command
> > mtn --db=OE.mtn co -b org.openembedded.dev
> > It givs a error..Error is
> >
> > mtn: misuse: layout of database /stuff/OE.mtn doesn't match this version
> > of monotone
>
> You're running a newer version of monotone than the version which was used
> to create the database.  If you just want to get the source, and don't
> have
> commit access, I've found that:
>
> > mtn: misuse: try 'mtn db migrate' to upgrade
>
> Does a nice job of making everything work again (I'm using mtn 0.32).
>
> I've got no idea if things will still work properly if you're pushing
> changes back to trunk, since I'm not So Blessed.
>
> - Matt
>
> --
> I don't do veggies if I can help it.                    -- stevo
> If you could see your colon, you'd be horrified.        -- Iain Broadfoot
> If he could see his colon, he'd be management.          -- David Scheidt
>
> _______________________________________________
> Openembedded-devel mailing list
> Openembedded-devel@lists.openembedded.org
> http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-devel
>

Help me

[Debasree Mallick]

Hi,
monotone has installed..
But when i try to run bitbake nano command
it shows some error at the end..
Errors r
ERROR: TaskFailed event exception, aborting
NOTE: package fakeroot-native-1.2.13: failed
ERROR: Build of nano failed

If u can then please help me out...
Thanks
Debasree

On 1/4/07, Matthew Palmer <mpalmer@hezmatt.org> wrote:
>
> [For your own benefit, I'd suggest a better choice of subject line in
> future]
>
> On Thu, Jan 04, 2007 at 03:21:57PM +0900, Debasree Mallick wrote:
> > Hi,
> > When i try to run this command
> > mtn --db=OE.mtn co -b org.openembedded.dev
> > It givs a error..Error is
> >
> > mtn: misuse: layout of database /stuff/OE.mtn doesn't match this version
> > of monotone
>
> You're running a newer version of monotone than the version which was used
> to create the database.  If you just want to get the source, and don't
> have
> commit access, I've found that:
>
> > mtn: misuse: try 'mtn db migrate' to upgrade
>
> Does a nice job of making everything work again (I'm using mtn 0.32).
>
> I've got no idea if things will still work properly if you're pushing
> changes back to trunk, since I'm not So Blessed.
>
> - Matt
>
> --
> I don't do veggies if I can help it.                    -- stevo
> If you could see your colon, you'd be horrified.        -- Iain Broadfoot
> If he could see his colon, he'd be management.          -- David Scheidt
>
> _______________________________________________
> Openembedded-devel mailing list
> Openembedded-devel@lists.openembedded.org
> http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-devel
>

help me

[oleg ershov]

My board is CM-F82 CompuLab.I am using LynxOS-178 2.1.0.
>I use U-boot 1.1.3 as my bootloader.
>I have target platform - PowerPC; Board: CM-F82 CompuLab, busfreq 
>100 MHz; processor MPC8272 Freescale.
>
>I need driver File System for LynxOS for CF of size >= 1Gb.
>
>Any ideas?
>Best regards,
>Oleg Ershov

Re: help me

[Mike Frysinger]

On Thu, Jul 1, 2010 at 01:01, oleg ershov wrote:
> My board is CM-F82 CompuLab.I am using LynxOS-178 2.1.0.
>>I use U-boot 1.1.3 as my bootloader.
>>I have target platform - PowerPC; Board: CM-F82 CompuLab, busfreq
>>100 MHz; processor MPC8272 Freescale.
>>
>>I need driver File System for LynxOS for CF of size >= 1Gb.

why are you asking on a Linux list for LynxOS support ?  Linux !=
Lynx.  try a more appropriate list.
-mike

Help Me

[Alina Yukov]

Good day to you,My name is Alina a dying widow contacting you from the sick
bed. Please I need your assistance in establishing my late husband
investment fund before I depart.
Mrs Alina Yukov.

Help Me

[Ms. Heba Oudeh]

Dear sir/Madam,

Greetings! I would like to apologize for barging into your privacy without your concent. My name is Heba Oudeh from Damascus Syria and i am 29 years old orphan.

I have decided to make this contact after many thoughts and hard decision. On 27 may 2017 i lost my parents to the Syrian war in one day and since then i have been in the refugee camp where am been raped every other day with no one to come to my aid. It is rather risky for me to send this mail and would be punished if caught but i have no choice than to take the risk and either die or be completely freed.

I have contacted you for help. I have come to realize that all my late father's investments were made here and have been destroyed as well except a little money he has in his foreign account in the U.S.A. Before i was taken to the camp i discovered he has deposited the sum of $1,875,000USD in an American bank with me as next-of-kin. I have contacted the bank to explain things to them and they have agreed to accept anybody i would present as the new next-of-kin so they will transfer they money to the person since i can not transfer the money to Syria.

The decision to make you the next-of-kin was not made because i need this money but because i want to leave this country to a better and safer place. All i need from you is to receive this money and make arrangement for me to join you in your country so i can complete my education and the remaining money can be invested in a business which both of us will be co-owners/partners and share profit equally. This might sound stupid but only option for me.

If you feel you will be able to help me on this, please let me know as soon as you can so i can contact the bank to know the steps to be taken and what is reqired from our side. I will give you a copy of my ID in my next mail.

Thanks,
Heba.