From: "koba@koba.com.ar" <koba@koba.com.ar>
To: Mike Carlton <mikecarlton@gmail.com>
Cc: netfilter-devel@lists.netfilter.org
Subject: Re: About connbytes
Date: Thu, 18 Nov 2004 19:14:11 -0300 [thread overview]
Message-ID: <419D1EB3.8030806@koba.com.ar> (raw)
In-Reply-To: <f663f63604111813174cc28048@mail.gmail.com>
Looks like there is a difference in the development stage between the
lastest iptables connbytes and the kernel connbytes (different struct
expected in ipt_connbytes.h). It was not useable, at least the last time
I checked (9/2004).
The solution I found was to patch the kernel with the connbytes patch
from pom patch-o-matic-ng-20040621 and use the lastest iptables.
Be warned, that version uses 32-bit counters (4gb per conntrack entry
limit) but I shouldn't be a problem in most cases. Anyway, it shouldn't
be so difficult to change them to 64-bit.
If you need I can send you a patch for 2.6.7 kernel so you can skip the
pom part. You don't need to patch iptables, connbytes is already
included but you'll need to recompile iptables against you patched
kernel so the connbytes extension is included in the compilation.
--
Claudio
Mike Carlton wrote:
> I have the same problem with an outdated libopt_connbytes.c
>
> The latest snapshot
> ftp://ftp.netfilter.org/pub/iptables/snapshot/iptables-1.3.0-20041114.tar.bz2
> as well as the most recent browsable version I can find
> http://cvs.netfilter.org/cgi-bin/viewcvs.cgi/trunk/iptables/extensions/libipt_connbytes.c?rev=3071&view=markup
>
> are both old.
>
> Can you give us a link to the current subversion version you refer to?
>
> Thanks,
> --Mike Carlton
>
>
> On Tue, 9 Nov 2004 10:04:22 +0100, Harald Welte <laforge@netfilter.org> wrote:
>
>>On Tue, Nov 09, 2004 at 02:17:25AM -0300, koba@koba.com.ar wrote:
>>
>>>Hello,
>>> I've been trying to get the connbytes module working but apparently
>>> the CVS/SVN libipt_connbytes.c is outdated (for example it uses sinfo->from
>>>instead of sinfo->count.from). If you've been mantaining it, can you
>>>send me your latest version?
>>
>>Which particular version of ipt_connbytes are you talking about?
>>
>>at least the 2.6.x version from subversion appears to use 'count.from'
>>consistently.
>>
>>I don't have anything else than current subversion.
>>
>>--
>>- Harald Welte <laforge@netfilter.org> http://www.netfilter.org/
>>============================================================================
>> "Fragmentation is like classful addressing -- an interesting early
>> architectural error that shows how much experimentation was going
>> on while IP was being designed." -- Paul Vixie
>>
>>
>>
next prev parent reply other threads:[~2004-11-18 22:14 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <419052E5.4080609@koba.com.ar>
2004-11-09 9:04 ` About connbytes Harald Welte
2004-11-18 21:17 ` Mike Carlton
2004-11-18 22:14 ` koba [this message]
2004-11-18 22:49 ` Harald Welte
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=419D1EB3.8030806@koba.com.ar \
--to=koba@koba.com.ar \
--cc=mikecarlton@gmail.com \
--cc=netfilter-devel@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.