Thanks Toth ----- Toth Szabolcs wrote -----> I have read on a mail list that you should install the > db-4.1.25 Berkeley DB 4.1.25) get the > iproute2-2.4.7-now-ss020116-try.tar.gz and patch which > you need.Woohoo! Finally, an answer which just happened to point me in the right direction. Also, I spent a little more time scouring through the compile errors. The solution is in fact a mixed bag ;-) The code uses a hack to include db.h from a BerkeleyDB 3.x install. I have BekeleyDB 4.1.25, so simply edited the Makefile to reflect the difference! File iproute2/include-glibc/db.h gives the hack away ;-) ----- <snip iproute2/include-glibc/db.h> ----- ... "The simplest trick which I was able to invent is to write fake db.h including db_185.h and adding -I/usr/include/db3 to CFLAGS." ... #include <db_185.h> ----- </snip iproute2/include-glibc/db.h> ----- The solution was to chang the following line in iproute2/Makefile from: GLIBCFIX=-I../include-glibc -I/usr/include/db3 to: GLIBCFIX=-I../include-glibc -I/usr/include/db4 and make sure that KERNEL_INCLUDE pointed to, which I''d done from the very beginning.> KERNEL_INCLUDE=/usr/src/linux-2.6.1/includeI''m one happy camper now *grin* Thanks Dale _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
hi. i have a firewall with 2 interfaces, i ran linux on it it configured with iproute and iptables, it has a 32Mbit uplink, and it tries ;) to protect ~300 users from general threats. i filter on both interfaces, because our lan is frequently infected with viruses. i need to run at least a program which outputs minimal information on connections which are passed thru so, i need a special interface - something that works like the lo - because i want to relive the network acccounting from outfiltered packets ( and i want to be able to deploy snort too ;) because of this thing, in the last time it caused some overhead in the accounting daemon (it consumed a lot of cpu then stopped) when we have ddos-ed ;) i can accept a solution where the machine routes the packets twice, so i can run my programs on a middle interface. --- sorry for my bad english... _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/