LARTC - Feb 2002 - problems with IMQ + Netfilter IP_LIMIT patch from netfilter CVS

Martin:
I have problems after apply those patchs to kernel 2.4.17
"make modules" can''t compile any "shed" modules.
Here I write a fragment for iplimit.patch

+ * netfilter module to limit the number of parallel tcp
+ * connections per IP address.
+ *   (c) 2000 Gerd Knorr <kraxel@bytesex.org>
+ *
+ * based on ...
+ *
+ * Kernel module to match connection tracking information.
+ * GPL (C) 1999  Rusty Russell (rusty@rustcorp.com.au).
+ */
+#include <linux/module.h>
+#include <linux/skbuff.h>
+#include <linux/list.h>
+#include <linux/netfilter_ipv4/ip_conntrack.h>
+#include <linux/netfilter_ipv4/ip_conntrack_core.h>
+#include <linux/netfilter_ipv4/ip_conntrack_tcp.h>
+#include <linux/netfilter_ipv4/ip_tables.h>
+#include <linux/netfilter_ipv4/ipt_iplimit.h>
+
+#define DEBUG 0
+
+/* we''ll save the tuples of all connections we care about */
+struct ipt_iplimit_conn
+{
+        struct list_head list;
+       struct ip_conntrack_tuple tuple;
+};
+
[...]
Could be that IMQ conflict with this patch, and make modules fail?

-- 
Saludos,
 Fabian Gervan

it is hard to say. you didn''t included make output
so that I have no clue what''s going on. Does it compile Without
IMQ  ?
devik

On Thu, 14 Feb 2002, Fabian Gervan wrote:
> Martin:
> I have problems after apply those patchs to kernel 2.4.17
> "make modules" can''t compile any "shed"
modules.
> Here I write a fragment for iplimit.patch
> 
> + * netfilter module to limit the number of parallel tcp
> + * connections per IP address.
> + *   (c) 2000 Gerd Knorr <kraxel@bytesex.org>
> + *
> + * based on ...
> + *
> + * Kernel module to match connection tracking information.
> + * GPL (C) 1999  Rusty Russell (rusty@rustcorp.com.au).
> + */
> +#include <linux/module.h>
> +#include <linux/skbuff.h>
> +#include <linux/list.h>
> +#include <linux/netfilter_ipv4/ip_conntrack.h>
> +#include <linux/netfilter_ipv4/ip_conntrack_core.h>
> +#include <linux/netfilter_ipv4/ip_conntrack_tcp.h>
> +#include <linux/netfilter_ipv4/ip_tables.h>
> +#include <linux/netfilter_ipv4/ipt_iplimit.h>
> +
> +#define DEBUG 0
> +
> +/* we''ll save the tuples of all connections we care about */
> +struct ipt_iplimit_conn
> +{
> +        struct list_head list;
> +       struct ip_conntrack_tuple tuple;
> +};
> +
> [...]
> Could be that IMQ conflict with this patch, and make modules fail?
> 
> -- 
> Saludos,
>  Fabian Gervan
> 
> 
> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/lartc/
> 
>

Hello Martin,

MD> it is hard to say. you didn''t included make output
MD> so that I have no clue what''s going on. Does it compile Without
MD> IMQ  ?
MD> devik
The problem is IPLIMIT PATCH+NEWNAT7, H323, (those annswer-me in the
netfilter-devel list)
Now i am using IMQ (I turned off iplimit), it work very well,
congratulations, but i have other problem:

Wipld (traffic monitor tool )don''t show any information on eth0/1, ntop
neigther.
Also i attemp to configure both programs tu get imq information:
# ntop -i imq
ntop: listening on imq
ntop: unknown physical layer type 0xffff

Any idea?

-- 
Best regards,
 Fabian                            mailto:fabian1@inter-k.com.ar

> Wipld (traffic monitor tool )don''t show any information on eth0/1,
ntop
> neigther.
> Also i attemp to configure both programs tu get imq information:
> # ntop -i imq
> ntop: listening on imq
> ntop: unknown physical layer type 0xffff
you can''t use imq for anything else than as qdisc placeholder.
There is nothing what should prevent you from looking at interface.
I don''t know ntop nor wipld so I don''t know what could be
wrong.
You have to look into it and tell me whether the problem is with
packet sniffing (try tcpdump on ethX) or with cat /proc/net/dev

devik