* Where is TARPIT -- iptables V. 1.3.4
@ 2005-11-21 17:48 Richard R
2005-11-21 19:07 ` ?ukasz Hejnak
0 siblings, 1 reply; 5+ messages in thread
From: Richard R @ 2005-11-21 17:48 UTC (permalink / raw)
To: netfilter
Previously I had to use patch-o-matic to get the TARPIT target
extension working. However according to the iptables V1.3.4 man page
TARPIT is an extension that is part of the "standard distribution" I
am using linux kernel 2.6.14.2 . Also, I receive no hits when greping
for TARPIT in the kernel source.
How do I get TARPIT working on a linux kernel 2.6.14.2 based system?
Do I still need a kernel patch?
(or if there is documentation on this, please let me know.)
Thanks
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Where is TARPIT -- iptables V. 1.3.4
2005-11-21 17:48 Where is TARPIT -- iptables V. 1.3.4 Richard R
@ 2005-11-21 19:07 ` ?ukasz Hejnak
2005-11-21 21:35 ` Richard R
0 siblings, 1 reply; 5+ messages in thread
From: ?ukasz Hejnak @ 2005-11-21 19:07 UTC (permalink / raw)
To: NetFilter
Richard R napisa?(a):
> am using linux kernel 2.6.14.2
hmm.. well afaik the tarpit extension is only for kernels < 2.6
*btw, I just checked, here's how it looks
http://svn.netfilter.org/cgi-bin/viewcvs.cgi/trunk/patch-o-matic-ng/patchlets/TARPIT/info?rev=4018&view=markup
Title: iptables TARPIT target
Author: "Aaron Hopkins" <lists@die.net>
Status: Works for me
Repository: extra
Requires: linux < 2.6.0
> How do I get TARPIT working on a linux kernel 2.6.14.2 based system?
well so far (I have also a 2.6.x kernel) I've been using the pom
and just changing the above in the 'info' file to "> 2.4.0" and it
didn't complain about a thing ;) I know that's a dirty way of doing it,
but hey, it's working fine for me :)
--
Best wishes
?ukasz Hejnak
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Where is TARPIT -- iptables V. 1.3.4
2005-11-21 19:07 ` ?ukasz Hejnak
@ 2005-11-21 21:35 ` Richard R
2005-11-22 5:06 ` /dev/rob0
2005-11-22 9:56 ` Łukasz Hejnak
0 siblings, 2 replies; 5+ messages in thread
From: Richard R @ 2005-11-21 21:35 UTC (permalink / raw)
To: ?ukasz Hejnak; +Cc: NetFilter
Thanks for the reply.
It looks like the tarpit module provided by pom won't compile in the
2.6.14.2 kernel:
CC [M] net/ipv4/netfilter/ipt_string.o
CC [M] net/ipv4/netfilter/ipt_REJECT.o
CC [M] net/ipv4/netfilter/ipt_TARPIT.o
net/ipv4/netfilter/ipt_TARPIT.c: In function `tarpit_tcp':
net/ipv4/netfilter/ipt_TARPIT.c:123: error: structure has no member
named `nfcache'
net/ipv4/netfilter/ipt_TARPIT.c:197: warning: implicit declaration of
function `dst_pmtu'
make[3]: *** [net/ipv4/netfilter/ipt_TARPIT.o] Error 1
make[2]: *** [net/ipv4/netfilter] Error 2
make[1]: *** [net/ipv4] Error 2
make: *** [net] Error 2
Any ideas?
On 11/21/05, ?ukasz Hejnak <sziftgroup@wp.pl> wrote:
> Richard R napisa?(a):
> > am using linux kernel 2.6.14.2
>
> hmm.. well afaik the tarpit extension is only for kernels < 2.6
> *btw, I just checked, here's how it looks
>
> http://svn.netfilter.org/cgi-bin/viewcvs.cgi/trunk/patch-o-matic-ng/patchlets/TARPIT/info?rev=4018&view=markup
> Title: iptables TARPIT target
> Author: "Aaron Hopkins" <lists@die.net >
> Status: Works for me
> Repository: extra
> Requires: linux < 2.6.0
>
> > How do I get TARPIT working on a linux kernel 2.6.14.2 based system?
> well so far (I have also a 2.6.x kernel) I've been using the pom
> and just changing the above in the 'info' file to "> 2.4.0" and it
> didn't complain about a thing ;) I know that's a dirty way of doing it,
> but hey, it's working fine for me :)
>
> --
> Best wishes
> ?ukasz Hejnak
>
>
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Where is TARPIT -- iptables V. 1.3.4
2005-11-21 21:35 ` Richard R
@ 2005-11-22 5:06 ` /dev/rob0
2005-11-22 9:56 ` Łukasz Hejnak
1 sibling, 0 replies; 5+ messages in thread
From: /dev/rob0 @ 2005-11-22 5:06 UTC (permalink / raw)
To: netfilter
On Monday 2005-November-21 15:35, Richard R wrote:
> It looks like the tarpit module provided by pom won't compile in
> the 2.6.14.2 kernel:
That should come as no surprise.
> Any ideas?
Yes, read the quoted message.
> On 11/21/05, ?ukasz Hejnak <sziftgroup@wp.pl> wrote:
> > Richard R napisa?(a):
> > > am using linux kernel 2.6.14.2
> >
> > hmm.. well afaik the tarpit extension is only for kernels < 2.6
> > *btw, I just checked, here's how it looks
> >
> > http://svn.netfilter.org/cgi-bin/viewcvs.cgi/trunk/patch-o-matic-ng
> >/patchlets/TARPIT/info?rev=4018&view=markup Title: iptables TARPIT
> > target
> > Author: "Aaron Hopkins" <lists@die.net >
> > Status: Works for me
> > Repository: extra
> > Requires: linux < 2.6.0
"Requires: linux < 2.6.0" means it will not work on 2.6.x.
> > > How do I get TARPIT working on a linux kernel 2.6.14.2 based
> > > system?
> >
> > well so far (I have also a 2.6.x kernel) I've been using the pom
> > and just changing the above in the 'info' file to "> 2.4.0" and it
> > didn't complain about a thing ;) I know that's a dirty way of doing
> > it, but hey, it's working fine for me :)
Did you try this suggestion?
If all else fails you could DNAT the traffic you want to TARPIT from
your 2.6.x machine to a 2.4.x one. If you don't have one available,
there's always user-mode Linux.
--
mail to this address is discarded unless "/dev/rob0"
or "not-spam" is in Subject: header
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Where is TARPIT -- iptables V. 1.3.4
2005-11-21 21:35 ` Richard R
2005-11-22 5:06 ` /dev/rob0
@ 2005-11-22 9:56 ` Łukasz Hejnak
1 sibling, 0 replies; 5+ messages in thread
From: Łukasz Hejnak @ 2005-11-22 9:56 UTC (permalink / raw)
To: NetFilter
Richard R wrote:
> It looks like the tarpit module provided by pom won't compile in the
> 2.6.14.2 kernel:
> CC [M] net/ipv4/netfilter/ipt_string.o
> CC [M] net/ipv4/netfilter/ipt_REJECT.o
> CC [M] net/ipv4/netfilter/ipt_TARPIT.o
> net/ipv4/netfilter/ipt_TARPIT.c: In function `tarpit_tcp':
> net/ipv4/netfilter/ipt_TARPIT.c:123: error: structure has no member
> named `nfcache'
> net/ipv4/netfilter/ipt_TARPIT.c:197: warning: implicit declaration of
> function `dst_pmtu'
> make[3]: *** [net/ipv4/netfilter/ipt_TARPIT.o] Error 1
> make[2]: *** [net/ipv4/netfilter] Error 2
> make[1]: *** [net/ipv4] Error 2
> make: *** [net] Error 2
Hmm.. in fact I've been doing so till 2.6.11.12 and everything was fine,
but now I compiled the 2.6.14.12 and patched it with POM and I'm having
similar errors with this, but in my case the build stops at the
ipt_osf.o, although I suspect that if I disable OSF, it will complain
with the TARPIT as well. So what's wrong? what have been changed in this
branch of the kernel that breaks this?
For the OSF I got this:
CC [M] net/ipv4/netfilter/ipt_osf.o
net/ipv4/netfilter/ipt_osf.c: In function `ipt_osf_nlsend':
net/ipv4/netfilter/ipt_osf.c:158: error: structure has no member named
`dst_groups'
net/ipv4/netfilter/ipt_osf.c: In function `osf_init':
net/ipv4/netfilter/ipt_osf.c:824: warning: passing arg 2 of
`netlink_kernel_create' makes integer from pointer without a cast
net/ipv4/netfilter/ipt_osf.c:824: error: too few arguments to function
`netlink_kernel_create'
Anybody into kernel hacking? :)
or maybe is there a simple solution to adapt the ipt_TARPIT.c and
ipt_osf.c to the new kernel?
--
Best wishes
£ukasz Hejnak
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2005-11-22 9:56 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2005-11-21 17:48 Where is TARPIT -- iptables V. 1.3.4 Richard R
2005-11-21 19:07 ` ?ukasz Hejnak
2005-11-21 21:35 ` Richard R
2005-11-22 5:06 ` /dev/rob0
2005-11-22 9:56 ` Łukasz Hejnak
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox