Fabian Gervan
2002-Feb-14  22:49 UTC
problems with IMQ + Netfilter IP_LIMIT patch from netfilter CVS
Martin:
I have problems after applying those patches to kernel 2.4.17
"make modules" can't compile any "shed" modules.
Here I write a fragment for iplimit.patch
+ * netfilter module to limit the number of parallel tcp
+ * connections per IP address.
+ *   (c) 2000 Gerd Knorr <kraxel@bytesex.org>
+ *
+ * based on ...
+ *
+ * Kernel module to match connection tracking information.
+ * GPL (C) 1999  Rusty Russell (rusty@rustcorp.com.au).
+ */
+#include <linux/module.h>
+#include <linux/skbuff.h>
+#include <linux/list.h>
+#include <linux/netfilter_ipv4/ip_conntrack.h>
+#include <linux/netfilter_ipv4/ip_conntrack_core.h>
+#include <linux/netfilter_ipv4/ip_conntrack_tcp.h>
+#include <linux/netfilter_ipv4/ip_tables.h>
+#include <linux/netfilter_ipv4/ipt_iplimit.h>
+
+#define DEBUG 0
+
+/* we''ll save the tuples of all connections we care about */
+struct ipt_iplimit_conn
+{
+        struct list_head list;
+       struct ip_conntrack_tuple tuple;
+};
+
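Review bot: "#define DEBUG 0" sits after the #include lines under a generic name, so it will clash with any DEBUG already defined by one of the included headers or by the build flags; a module-specific macro name (for example IPLIMIT_DEBUG, a suggested name that is not in the patch) avoids that. In struct ipt_iplimit_conn the two members are indented with different whitespace ("struct list_head list;" versus "struct ip_conntrack_tuple tuple;"); use a single tab for both, as kernel style expects.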
[...]
Could be that IMQ conflicts with this patch, and make modules fail?
-- 
Regards,
 Fabian Gervan
Martin Devera
2002-Feb-15  11:36 UTC
Re: problems with IMQ + Netfilter IP_LIMIT patch from netfilter CVS
It is hard to say. You didn't include make output, so that I have no clue what's going on. Does it compile without IMQ?
devik
On Thu, 14 Feb 2002, Fabian Gervan wrote:
> Martin:
> I have problems after applying those patches to kernel 2.4.17
> "make modules" can't compile any "shed" modules.
> Here I write a fragment for iplimit.patch
>
> + * netfilter module to limit the number of parallel tcp
> + * connections per IP address.
> + * (c) 2000 Gerd Knorr <kraxel@bytesex.org>
> + *
> + * based on ...
> + *
> + * Kernel module to match connection tracking information.
> + * GPL (C) 1999 Rusty Russell (rusty@rustcorp.com.au).
> + */
> +#include <linux/module.h>
> +#include <linux/skbuff.h>
> +#include <linux/list.h>
> +#include <linux/netfilter_ipv4/ip_conntrack.h>
> +#include <linux/netfilter_ipv4/ip_conntrack_core.h>
> +#include <linux/netfilter_ipv4/ip_conntrack_tcp.h>
> +#include <linux/netfilter_ipv4/ip_tables.h>
> +#include <linux/netfilter_ipv4/ipt_iplimit.h>
> +
> +#define DEBUG 0
> +
> +/* we''ll save the tuples of all connections we care about */
> +struct ipt_iplimit_conn
> +{
> + struct list_head list;
> + struct ip_conntrack_tuple tuple;
> +};
> +
> [...]
> Could be that IMQ conflicts with this patch, and make modules fail?
>
> --
> Regards,
> Fabian Gervan
>
> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/lartc/
Fabian Gervan
2002-Feb-15  20:46 UTC
Re[2]: problems with IMQ + Netfilter IP_LIMIT patch from netfilter CVS
Hello Martin,
MD> It is hard to say. You didn't include make output,
MD> so that I have no clue what's going on. Does it compile without
MD> IMQ?
MD> devik
The problem is IPLIMIT PATCH+NEWNAT7, H323 (those answered me in the netfilter-devel list).
Now I am using IMQ (I turned off iplimit), it works very well, congratulations, but I have another problem:
Wipld (traffic monitor tool) doesn't show any information on eth0/1, ntop neither.
Also I attempted to configure both programs to get imq information:
# ntop -i imq
ntop: listening on imq
ntop: unknown physical layer type 0xffff
Any idea?
-- 
Best regards,
 Fabian mailto:fabian1@inter-k.com.ar
Martin Devera
2002-Feb-15  20:49 UTC
Re: Re[2]: problems with IMQ + Netfilter IP_LIMIT patch from netfilter CVS
> Wipld (traffic monitor tool) doesn't show any information on eth0/1, ntop
> neither.
> Also I attempted to configure both programs to get imq information:
> # ntop -i imq
> ntop: listening on imq
> ntop: unknown physical layer type 0xffff
You can't use imq for anything other than as a qdisc placeholder.
There is nothing that should prevent you from looking at the interface. I don't know ntop nor wipld, so I don't know what could be wrong. You have to look into it and tell me whether the problem is with packet sniffing (try tcpdump on ethX) or with cat /proc/net/dev
devik