Re: knoppix 3.9 iptables : string-match

To: debian-knoppix@lists.debian.org
Subject: Re: knoppix 3.9 iptables : string-match
From: "Florian Osses" <florian.osses@wtnet.de>
Date: Thu, 13 Oct 2005 15:28:42 +0200 (CEST)
Message-id: <[🔎] 41250.134.100.101.1.1129210122.squirrel@134.100.101.1>

Hello again,

the problem of compilation is solved. The solution can be found at the
knoppix.net forum.
Shortly: Replace following:
OLD:
static struct ipt_match string_match
= { { NULL, NULL }, "string", &match, &checkentry, NULL, THIS_MODULE };

NEW:
static struct ipt_match string_match = {
   .name       = "string",
   .checkentry   = checkentry,
   .me       = THIS_MODULE
};

And set integer "smp_num_cpus" to 1.

But now there is another problem:
module can be loaded properly, but when filtering a string and a host sends
this defined string, the firewall gets a Kernel PANIC while ipt_do_table is
in stack. This is a function defined in ip_tables.c.
I don't know how to solve it. Does anyone now the error or have a nice hint??

Florian Osses


Am Montag, 10. Oktober 2005 22:47 schrieb Florian Osses:
> Hello there,
>
> i just questioned at the knoppix.net forum but got no help.
> I followed the hint, asking in this mailing list.
> Today I failed compiling different versions of the ipt_string Modul for
> IpTables.
> My working System is a Knoppix 4.0, with Kernel 2.6.12 (the original from
> knoppix). Iptables has been updated to 1.3.3
> I know, that there is a ipt_string Modul compiled in it, but this doesn't
> work: Invalid module format.
> So this is not suitable for my kernel-version.
> My next try was some Modules out of patch-o-matic-ng from netfilter.org
> compiling with the kernel.
> But the latest Version containing string-match doesn't work either. I even
> can't get it compiled because of several errors.
> Then i tried compiling th ipt_string.c out of the iptables1.3.3-sources
> within the kernel. That didn't work as well.
>
> So I had a look at an old remasterd Installation of Knoppix 3.9. There was
> a compiled modul, BUT it didn't work.
> When trying to use it by this command:
> iptables -I INPUT -m string --string "test" -j DROP
> I got an error "Iptables: No chain/target/match by that name"
>
> What's wrong now?
> Does anyone know, how to set up a working iptables with string-match?
>
>
> Greets,
> florian Osses

Reply to:

Prev by Date: Re: gmane.linux.drivers.ipw2100.devel: Authorization required
Next by Date: Re: Re: Terminal Server after hd install (fixed Patch)
Previous by thread: knoppix 3.9 iptables : string-match
Next by thread: Selling Knoppix
Index(es):
- Date
- Thread