Update Iptables in order to use String-Match

Update Iptables in order to use String-Match

[sven]

Hi List!

I am running Linux 2.4.32 and an older version of iptables.
I'd like to use String-Match. I tried to update with some verions of
p-o-m. Nothing helped. I also compiled iptables 1.3.5. successfully.

What went wrong?

RE: Update Iptables in order to use String-Match

[Rob Sterenborg]

> Hi List!
> 
> I am running Linux 2.4.32 and an older version of iptables.
> I'd like to use String-Match. I tried to update with some verions of
> p-o-m. Nothing helped. I also compiled iptables 1.3.5. successfully.
> 
> What went wrong?

Dunno.. The crystal ball is a bit cloudy today. Any error messages ?

You have "updated some versions of p-o-m". What do you mean by that ?
What have you done exactly ?

Have you :
- untarred the kernel,
- untarred POM,
- untarred iptables,
- patched both the kernel and iptables with POM,
- compiled and installed the kernel and modules,
- compiled and installed iptables ?


Gr,
Rob

Re: Update Iptables in order to use String-Match

[sven]

Rob Sterenborg schrieb:
> Dunno.. The crystal ball is a bit cloudy today. Any error messages ?
oh I 've forgotten:

linux:/usr/local/lib/iptables # iptables -m string -h
iptables: match `string' v1.3.3 (I'm v1.3.5)

> You have "updated some versions of p-o-m". What do you mean by that ?
> What have you done exactly ?
> 
> Have you :
> - untarred the kernel,
> - untarred POM,
> - untarred iptables,
all yes

> - patched both the kernel and iptables with POM,
yes, but don't add string-match

> - compiled and installed the kernel and modules,
yes, but no string-match modul seen in kernel menuconfig

> - compiled and installed iptables ?
yes

RE: Update Iptables in order to use String-Match

[Rob Sterenborg]

>> Dunno.. The crystal ball is a bit cloudy today. Any error messages ?
>> oh I 've forgotten: 
> 
> linux:/usr/local/lib/iptables # iptables -m string -h
> iptables: match `string' v1.3.3 (I'm v1.3.5)

So your iptables isn't installed or installed in a different path than
the original.

>> You have "updated some versions of p-o-m". What do you mean by that
>> ? What have you done exactly ? 
>> 
>> Have you :
>> - untarred the kernel,
>> - untarred POM,
>> - untarred iptables,
> all yes
> 
>> - patched both the kernel and iptables with POM,
> yes, but don't add string-match

So that's where things go wrong : if it doesn't show up, you couldn't
have patched the kernel for it.

The string match is in the Extra repository. Did you run POM with
"./runme extra" ?
http://www.netfilter.org/projects/patch-o-matic/pom-extra.html#pom-extra
-string

>> - compiled and installed the kernel and modules,
> yes, but no string-match modul seen in kernel menuconfig

See above.

>> - compiled and installed iptables ?
> yes

I think not completely.
What does "iptables -V" say ? (Mine says : "iptables v1.3.5-2006xxxx")


Gr,
Rob

Re: Update Iptables in order to use String-Match

[sven]

Rob Sterenborg schrieb:
> So your iptables isn't installed or installed in a different path than
> the original.
hmm bad...how do I correct this?

> So that's where things go wrong : if it doesn't show up, you couldn't
> have patched the kernel for it.
> 
> The string match is in the Extra repository. Did you run POM with
> "./runme extra" ?
> http://www.netfilter.org/projects/patch-o-matic/pom-extra.html#pom-extra
> -string
hmm no, I will do this now...

 > I think not completely.
> What does "iptables -V" say ? (Mine says : "iptables v1.3.5-2006xxxx")
iptables v1.3.5

RE: Update Iptables in order to use String-Match

[Rob Sterenborg]

>> So your iptables isn't installed or installed in a different path
>> than the original.
> hmm bad...how do I correct this?

>> iptables: match `string' v1.3.3 (I'm v1.3.5)

The last part between the brackets, I suppose iptables wrote it ? (I
think I got confused there.)
If this is true, you have the string match from 1.3.3 installed (if you
already had it, why build a new kernel/iptables ?) and are using
iptables 1.3.5. (That means you have iptables-1.3.5 installed but didn't
install string match 1.3.5 which would be true, reading below.)

>> The string match is in the Extra repository. Did you run POM with
>> "./runme extra" ? 
>
> hmm no, I will do this now...

I think that will solve your problem.
(Remember to also recompile iptables..)


Gr,
Rob

Re: Update Iptables in order to use String-Match

[sven]

Rob Sterenborg schrieb:
> The last part between the brackets, I suppose iptables wrote it ? (I
> think I got confused there.)
> If this is true, you have the string match from 1.3.3 installed (if you
> already had it, why build a new kernel/iptables ?) and are using
> iptables 1.3.5. (That means you have iptables-1.3.5 installed but didn't
> install string match 1.3.5 which would be true, reading below.)
When I used String-Match with Hex, I got a Sigfault.

 > I think that will solve your problem.
> (Remember to also recompile iptables..)
I will do...

Re: Update Iptables in order to use String-Match

[sven]

Rob Sterenborg schrieb:
> The last part between the brackets, I suppose iptables wrote it ? (I
> think I got confused there.)
> If this is true, you have the string match from 1.3.3 installed (if you
> already had it, why build a new kernel/iptables ?) and are using
> iptables 1.3.5. (That means you have iptables-1.3.5 installed but didn't
> install string match 1.3.5 which would be true, reading below.)
> 
>>> The string match is in the Extra repository. Did you run POM with
>>> "./runme extra" ? 
>> hmm no, I will do this now...
> 
> I think that will solve your problem.
> (Remember to also recompile iptables..)

The last version of POM does not content String-match!
I found it in a version of 2004, is that right?

RE: Update Iptables in order to use String-Match

[Rob Sterenborg]

>> The last part between the brackets, I suppose iptables wrote it ? (I
>> think I got confused there.) If this is true, you have the string
>> match from 1.3.3 installed (if you already had it, why build a new
>> kernel/iptables ?) and are using iptables 1.3.5. (That means you
>> have iptables-1.3.5 installed but didn't install string match 1.3.5
>> which would be true, reading below.) 
>> 
>>>> The string match is in the Extra repository. Did you run POM with
>>>> "./runme extra" ?
>>> hmm no, I will do this now...
>> 
>> I think that will solve your problem.
>> (Remember to also recompile iptables..)
> 
> The last version of POM does not content String-match!
> I found it in a version of 2004, is that right?

Hm. I never used it so I never noticed ; it indeed appears to be dropped
or something.
If you really need it (we don't know what you actually want to do, so
maybe there's another/better way), maybe you can use an old POM for just
the string match, and a recent POM for the rest.. But I'm not sure if
that's such a good idea or even if that will break something : it's up
to you.


Gr,
Rob