* Re: About connbytes
[not found] <419052E5.4080609@koba.com.ar>
@ 2004-11-09 9:04 ` Harald Welte
2004-11-18 21:17 ` Mike Carlton
0 siblings, 1 reply; 4+ messages in thread
From: Harald Welte @ 2004-11-09 9:04 UTC (permalink / raw)
To: koba@koba.com.ar; +Cc: Netfilter Development Mailinglist
[-- Attachment #1: Type: text/plain, Size: 921 bytes --]
On Tue, Nov 09, 2004 at 02:17:25AM -0300, koba@koba.com.ar wrote:
> Hello,
> I've been trying to get the connbytes module working but apparently
> the CVS/SVN libipt_connbytes.c is outdated (for example it uses sinfo->from
> instead of sinfo->count.from). If you've been mantaining it, can you
> send me your latest version?
Which particular version of ipt_connbytes are you talking about?
at least the 2.6.x version from subversion appears to use 'count.from'
consistently.
I don't have anything else than current subversion.
--
- Harald Welte <laforge@netfilter.org> http://www.netfilter.org/
============================================================================
"Fragmentation is like classful addressing -- an interesting early
architectural error that shows how much experimentation was going
on while IP was being designed." -- Paul Vixie
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 189 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: About connbytes
2004-11-09 9:04 ` About connbytes Harald Welte
@ 2004-11-18 21:17 ` Mike Carlton
2004-11-18 22:14 ` koba
2004-11-18 22:49 ` Harald Welte
0 siblings, 2 replies; 4+ messages in thread
From: Mike Carlton @ 2004-11-18 21:17 UTC (permalink / raw)
To: Harald Welte, koba@koba.com.ar, Netfilter Development Mailinglist
I have the same problem with an outdated libopt_connbytes.c
The latest snapshot
ftp://ftp.netfilter.org/pub/iptables/snapshot/iptables-1.3.0-20041114.tar.bz2
as well as the most recent browsable version I can find
http://cvs.netfilter.org/cgi-bin/viewcvs.cgi/trunk/iptables/extensions/libipt_connbytes.c?rev=3071&view=markup
are both old.
Can you give us a link to the current subversion version you refer to?
Thanks,
--Mike Carlton
On Tue, 9 Nov 2004 10:04:22 +0100, Harald Welte <laforge@netfilter.org> wrote:
> On Tue, Nov 09, 2004 at 02:17:25AM -0300, koba@koba.com.ar wrote:
> > Hello,
> > I've been trying to get the connbytes module working but apparently
> > the CVS/SVN libipt_connbytes.c is outdated (for example it uses sinfo->from
> > instead of sinfo->count.from). If you've been mantaining it, can you
> > send me your latest version?
>
> Which particular version of ipt_connbytes are you talking about?
>
> at least the 2.6.x version from subversion appears to use 'count.from'
> consistently.
>
> I don't have anything else than current subversion.
>
> --
> - Harald Welte <laforge@netfilter.org> http://www.netfilter.org/
> ============================================================================
> "Fragmentation is like classful addressing -- an interesting early
> architectural error that shows how much experimentation was going
> on while IP was being designed." -- Paul Vixie
>
>
>
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: About connbytes
2004-11-18 21:17 ` Mike Carlton
@ 2004-11-18 22:14 ` koba
2004-11-18 22:49 ` Harald Welte
1 sibling, 0 replies; 4+ messages in thread
From: koba @ 2004-11-18 22:14 UTC (permalink / raw)
To: Mike Carlton; +Cc: netfilter-devel
Looks like there is a difference in the development stage between the
lastest iptables connbytes and the kernel connbytes (different struct
expected in ipt_connbytes.h). It was not useable, at least the last time
I checked (9/2004).
The solution I found was to patch the kernel with the connbytes patch
from pom patch-o-matic-ng-20040621 and use the lastest iptables.
Be warned, that version uses 32-bit counters (4gb per conntrack entry
limit) but I shouldn't be a problem in most cases. Anyway, it shouldn't
be so difficult to change them to 64-bit.
If you need I can send you a patch for 2.6.7 kernel so you can skip the
pom part. You don't need to patch iptables, connbytes is already
included but you'll need to recompile iptables against you patched
kernel so the connbytes extension is included in the compilation.
--
Claudio
Mike Carlton wrote:
> I have the same problem with an outdated libopt_connbytes.c
>
> The latest snapshot
> ftp://ftp.netfilter.org/pub/iptables/snapshot/iptables-1.3.0-20041114.tar.bz2
> as well as the most recent browsable version I can find
> http://cvs.netfilter.org/cgi-bin/viewcvs.cgi/trunk/iptables/extensions/libipt_connbytes.c?rev=3071&view=markup
>
> are both old.
>
> Can you give us a link to the current subversion version you refer to?
>
> Thanks,
> --Mike Carlton
>
>
> On Tue, 9 Nov 2004 10:04:22 +0100, Harald Welte <laforge@netfilter.org> wrote:
>
>>On Tue, Nov 09, 2004 at 02:17:25AM -0300, koba@koba.com.ar wrote:
>>
>>>Hello,
>>> I've been trying to get the connbytes module working but apparently
>>> the CVS/SVN libipt_connbytes.c is outdated (for example it uses sinfo->from
>>>instead of sinfo->count.from). If you've been mantaining it, can you
>>>send me your latest version?
>>
>>Which particular version of ipt_connbytes are you talking about?
>>
>>at least the 2.6.x version from subversion appears to use 'count.from'
>>consistently.
>>
>>I don't have anything else than current subversion.
>>
>>--
>>- Harald Welte <laforge@netfilter.org> http://www.netfilter.org/
>>============================================================================
>> "Fragmentation is like classful addressing -- an interesting early
>> architectural error that shows how much experimentation was going
>> on while IP was being designed." -- Paul Vixie
>>
>>
>>
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: About connbytes
2004-11-18 21:17 ` Mike Carlton
2004-11-18 22:14 ` koba
@ 2004-11-18 22:49 ` Harald Welte
1 sibling, 0 replies; 4+ messages in thread
From: Harald Welte @ 2004-11-18 22:49 UTC (permalink / raw)
To: Mike Carlton; +Cc: koba@koba.com.ar, Netfilter Development Mailinglist
[-- Attachment #1: Type: text/plain, Size: 1401 bytes --]
On Thu, Nov 18, 2004 at 01:17:15PM -0800, Mike Carlton wrote:
> I have the same problem with an outdated libopt_connbytes.c
>
> The latest snapshot
> ftp://ftp.netfilter.org/pub/iptables/snapshot/iptables-1.3.0-20041114.tar.bz2
> as well as the most recent browsable version I can find
> http://cvs.netfilter.org/cgi-bin/viewcvs.cgi/trunk/iptables/extensions/libipt_connbytes.c?rev=3071&view=markup
>
> are both old.
>
> Can you give us a link to the current subversion version you refer to?
I'm sorry. I misinterpreted the original mail and thought the claim was
that header file and kernel code were out ouf sync. In fact, the
libipt_connbytes.c really was out of sync with the kernel
implementation.
I've now spent a couple of minutes and tried to bring libipt_connbytes
in sync with the kernel part in patch-o-matic-ng (Rev. 3284)
Unfortunately I lack the time for testing beyond the 'compile test'. If
you could provide any feedback, that would be appreciated.
> Thanks,
> --Mike Carlton
--
- Harald Welte <laforge@netfilter.org> http://www.netfilter.org/
============================================================================
"Fragmentation is like classful addressing -- an interesting early
architectural error that shows how much experimentation was going
on while IP was being designed." -- Paul Vixie
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 189 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2004-11-18 22:49 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <419052E5.4080609@koba.com.ar>
2004-11-09 9:04 ` About connbytes Harald Welte
2004-11-18 21:17 ` Mike Carlton
2004-11-18 22:14 ` koba
2004-11-18 22:49 ` Harald Welte
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.