
Bug#591734: marked as done (l7-filter does not mark any package)



Your message dated Mon, 17 Feb 2014 12:50:11 +0000
with message-id <E1WFNeF-0005RT-HA@franck.debian.org>
and subject line Bug#735185: Removed package(s) from unstable
has caused the Debian Bug report #591734,
regarding l7-filter does not mark any package
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
591734: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=591734
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: l7-filter-userspace

Version: 0.11-4

Hi, I can send packets from the mangle chain to l7-filter, but when
analyzing the packets in output on the filter chain you can see that the
packets have not been marked.

l7-filter loads all the patterns flawlessly and does not give any error.



### POLICY ###
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

iptables -t mangle -A FORWARD -i ppp0 -o eth1 -j NFQUEUE --queue-num 1
iptables -t mangle -A FORWARD -i eth1 -o ppp0 -j NFQUEUE --queue-num 1

# CHAIN #
iptables -N INtoOUT
iptables -N OUTtoIN
iptables -N INTERNETWORK

# FORWARD to CHAIN #
iptables -A FORWARD -i ppp0 -j OUTtoIN
iptables -A FORWARD -o ppp0 -j INtoOUT
iptables -A FORWARD -j DROP


iptables -A OUTtoIN -o eth1 -m mark --mark 4 -j ACCEPT
iptables -A OUTtoIN -o eth1 -p udp --dport 5060 -m mark --mark 7 -j ACCEPT
iptables -A OUTtoIN -o eth1 -p udp --dport 10000:20000 -m mark --mark 8 -j ACCEPT
iptables -A OUTtoIN -o eth1 -m mark --mark 5 -j ACCEPT
iptables -A OUTtoIN -j DROP

iptables -A INtoOUT -i eth1 -m mark --mark 3 -j ACCEPT
iptables -A INtoOUT -i eth1 -m mark --mark 4 -j ACCEPT
iptables -A INtoOUT -i eth1 -m mark --mark 5 -j ACCEPT
iptables -A INtoOUT -i eth1 -m mark --mark 6 -j ACCEPT
iptables -A INtoOUT -i eth1 -m mark --mark 7 -j ACCEPT
iptables -A INtoOUT -i eth1 -m mark --mark 8 -j ACCEPT
iptables -A INtoOUT -i eth1 -j LOG --log-prefix "DROP!!! "
iptables -A INtoOUT -j DROP



# l7-filter -f /etc/l7-protocols/l7filter.conf -q 1 -vv -p /etc/l7-protocols/protocols/
Attempting to read configuration from /etc/l7-protocols/l7filter.conf.metano
Attempting to load pattern from /etc/l7-protocols/protocols///imap.pat
pattern='^(\* ok|a[0-9]+ noop)'
eflags=0 cflags=11
Added: imap     mark=3
Attempting to load pattern from /etc/l7-protocols/protocols///pop3.pat
pattern='^(\+ok |-err )'
eflags=0 cflags=11
Added: pop3     mark=3
Attempting to load pattern from /etc/l7-protocols/protocols///smtp.pat
pattern='^220[\x09-\x0d -~]* (E?SMTP|[Ss]imple [Mm]ail)'
eflags=0 cflags=9
Added: smtp     mark=3
Attempting to load pattern from /etc/l7-protocols/protocols///http.pat
pattern='http/(0\.9|1\.0|1\.1) [1-5][0-9][0-9] [\x09-\x0d -~]*(connection:|content-type:|content-length:|date:)|post [\x09-\x0d -~]* http/[01]\.[019]'
eflags=0 cflags=11
Added: http     mark=4
Attempting to load pattern from /etc/l7-protocols/protocols///ftp.pat
pattern='^220[\x09-\x0d -~]*ftp'
eflags=0 cflags=11
Added: ftp      mark=4
Attempting to load pattern from /etc/l7-protocols/protocols///dns.pat
pattern='^.?.?.?.?[\x01\x02].?.?.?.?.?.?[\x01-?][a-z0-9][\x01-?a-z]*[\x02-\x06][a-z][a-z][fglmoprstuvz]?[aeop]?(um)?[\x01-\x10\x1c][\x01\x03\x04\xFF]'
eflags=0 cflags=11
Added: dns      mark=5
Attempting to load pattern from /etc/l7-protocols/protocols///vnc.pat
pattern='^rfb 00[1-9]\.00[0-9]\x0a$'
eflags=0 cflags=11
Added: vnc      mark=6
Attempting to load pattern from /etc/l7-protocols/protocols///sip.pat
pattern='^(invite|register|cancel|message|subscribe|notify) sip[\x09-\x0d -~]*sip/[0-2]\.[0-9]'
eflags=0 cflags=11
Added: sip      mark=7
Attempting to load pattern from /etc/l7-protocols/protocols///rtp.pat
pattern='^\x80[\x01-"`-\x7f\x80-\xa2\xe0-\xff]?..........*\x80'
eflags=0 cflags=11
Added: rtp      mark=8
Made key from ct:       udp      17 src=192.168.2.3 dst=151.99.125.2 sport=33765 dport=53
Made key from ct:       udp      17 src=192.168.2.3 dst=151.99.125.2 sport=45219 dport=53
Got packet, had no ct:  udp      17 src=62.10.112.29 dst=192.168.1.159 sport=5061 dport=5060
Got packet, had no ct:  udp      17 src=192.168.1.159 dst=151.99.250.2 sport=53310 dport=53
Got packet, had no ct:  udp      17 src=192.168.1.233 dst=8.8.8.8 sport=58489 dport=53
Got packet, had no ct:  udp      17 src=192.168.1.233 dst=8.8.8.8 sport=39654 dport=53
Got packet, had no ct:  udp      17 src=62.10.112.29 dst=192.168.1.159 sport=5061 dport=5060
Got packet, had no ct:  udp      17 src=192.168.1.233 dst=8.8.8.8 sport=46075 dport=53
Got packet, had no ct:  udp      17 src=192.168.1.233 dst=8.8.8.8 sport=56026 dport=53
Got packet, had no ct:  udp      17 src=192.168.1.233 dst=8.8.8.8 sport=34057 dport=53
Got packet, had no ct:  udp      17 src=192.168.1.233 dst=8.8.8.8 sport=52035 dport=53
Got packet, had no ct:  udp      17 src=192.168.1.233 dst=8.8.8.8 sport=56459 dport=53
Got packet, had no ct:  udp      17 src=192.168.1.233 dst=8.8.8.8 sport=34241 dport=53
Got packet, had no ct:  udp      17 src=192.168.1.233 dst=8.8.8.8 sport=45604 dport=53
Got packet, had no ct:  udp      17 src=62.10.112.29 dst=192.168.1.159 sport=5061 dport=5060
Got packet, had no ct:  udp      17 src=192.168.1.159 dst=151.99.125.2 sport=57961 dport=53
Got packet, had no ct:  udp      17 src=192.168.1.233 dst=8.8.8.8 sport=58489 dport=53
Got packet, had no ct:  udp      17 src=192.168.1.233 dst=8.8.8.8 sport=39654 dport=53
Got packet, had no ct:  udp      17 src=62.10.112.29 dst=192.168.1.159 sport=5061 dport=5060
Got packet, had no ct:  udp      17 src=62.10.112.29 dst=192.168.1.159 sport=5061 dport=5060
Got packet, had no ct:  udp      17 src=62.10.112.29 dst=192.168.1.159 sport=5073 dport=5060
Got packet, had no ct:  udp      17 src=62.10.112.29 dst=192.168.1.159 sport=5073 dport=5060
Got packet, had no ct:  udp      17 src=192.168.1.159 dst=151.99.250.2 sport=53310 dport=53
Got packet, had no ct:  udp      17 src=62.10.112.29 dst=192.168.1.159 sport=5073 dport=5060
Got packet, had no ct:  udp      17 src=62.10.112.29 dst=192.168.1.159 sport=5061 dport=5060
Made key from ct:       tcp      6 src=192.168.2.3 dst=62.70.27.118 sport=35755 dport=80
Got packet, had no ct:  udp      17 src=62.10.112.29 dst=192.168.1.159 sport=5061 dport=5060
Got packet, had no ct:  udp      17 src=62.10.112.29 dst=192.168.1.159 sport=5073 dport=5060
Made key from ct:       tcp      6 src=192.168.2.3 dst=62.70.27.118 sport=35732 dport=80
Made key from ct:       tcp      6 src=192.168.2.3 dst=62.70.27.118 sport=35733 dport=80
Got packet, had no ct:  udp      17 src=192.168.1.159 dst=151.99.125.2 sport=40446 dport=53
Got packet, had no ct:  udp      17 src=62.10.112.29 dst=192.168.1.159 sport=5061 dport=5060
Got packet, had no ct:  udp      17 src=192.168.1.233 dst=8.8.8.8 sport=58800 dport=53
Got packet, had no ct:  udp      17 src=62.10.112.29 dst=192.168.1.159 sport=5073 dport=5060
Got packet, had no ct:  udp      17 src=192.168.1.233 dst=74.207.249.60 sport=123 dport=123
Got packet, had no ct:  udp      17 src=192.168.1.233 dst=153.16.4.134 sport=123 dport=123
Got packet, had no ct:  udp      17 src=62.10.112.29 dst=192.168.1.159 sport=5061 dport=5060
Got packet, had no ct:  udp      17 src=192.168.1.159 dst=151.99.250.2 sport=33801 dport=53
Got packet, had no ct:  udp      17 src=62.10.112.29 dst=192.168.1.159 sport=5073 dport=5060
Got packet, had no ct:  udp      17 src=192.168.1.233 dst=8.8.8.8 sport=58800 dport=53
Made key from ct:       tcp      6 src=192.168.2.3 dst=72.14.234.104 sport=32875 dport=80
Made key from ct:       tcp      6 src=192.168.2.3 dst=72.14.234.95 sport=60846 dport=80
Made key from ct:       tcp      6 src=192.168.2.3 dst=72.14.234.191 sport=44814 dport=80
Made key from ct:       tcp      6 src=192.168.2.3 dst=72.14.234.191 sport=44818 dport=80
Made key from ct:       tcp      6 src=192.168.2.3 dst=72.14.234.191 sport=44816 dport=80
Made key from ct:       tcp      6 src=192.168.2.3 dst=72.14.234.191 sport=44817 dport=80
Made key from ct:       tcp      6 src=192.168.2.3 dst=72.14.234.100 sport=51651 dport=80
Made key from ct:       tcp      6 src=192.168.2.3 dst=64.191.203.30 sport=54432 dport=80
Got packet, had no ct:  udp      17 src=192.168.1.204 dst=85.18.189.242 sport=123 dport=123



# tail -f /var/log/messages
Aug  5 03:23:06 xen-dom0 kernel: [116126.991650] DROP!!! IN=eth1 OUT=ppp0 SRC=192.168.1.233 DST=74.207.249.60 LEN=76 TOS=0x00 PREC=0xC0 TTL=63 ID=0 DF PROTO=UDP SPT=123 DPT=123 LEN=56 MARK=0x1
Aug  5 03:23:06 xen-dom0 kernel: [116127.768316] DROP!!! IN=eth1 OUT=ppp0 SRC=192.168.1.159 DST=151.99.125.2 LEN=71 TOS=0x00 PREC=0x00 TTL=63 ID=13394 DF PROTO=UDP SPT=40703 DPT=53 LEN=51 MARK=0x1
Aug  5 03:23:11 xen-dom0 kernel: [116132.677311] DROP!!! IN=eth1 OUT=ppp0 SRC=192.168.1.159 DST=151.99.250.2 LEN=71 TOS=0x00 PREC=0x00 TTL=63 ID=14645 DF PROTO=UDP SPT=43358 DPT=53 LEN=51 MARK=0x1
Aug  5 03:23:15 xen-dom0 kernel: [116136.487151] DROP!!! IN=eth1 OUT=ppp0 SRC=192.168.1.233 DST=8.8.8.8 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=14899 DF PROTO=UDP SPT=40872 DPT=53 LEN=40 MARK=0x1
Aug  5 03:23:15 xen-dom0 kernel: [116136.801616] DROP!!! IN=eth1 OUT=ppp0 SRC=192.168.1.233 DST=128.10.19.24 LEN=76 TOS=0x00 PREC=0xC0 TTL=63 ID=0 DF PROTO=UDP SPT=123 DPT=123 LEN=56 MARK=0x1
Aug  5 03:23:16 xen-dom0 kernel: [116137.283845] DROP!!! IN=eth1 OUT=ppp0 SRC=192.168.1.204 DST=85.18.189.242 LEN=76 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=UDP SPT=123 DPT=123 LEN=56 MARK=0x1
Aug  5 03:23:16 xen-dom0 kernel: [116137.586631] DROP!!! IN=eth1 OUT=ppp0 SRC=192.168.1.159 DST=151.99.125.2 LEN=61 TOS=0x00 PREC=0x00 TTL=63 ID=18397 DF PROTO=UDP SPT=40800 DPT=53 LEN=41 MARK=0x1
Aug  5 03:23:20 xen-dom0 kernel: [116141.485414] DROP!!! IN=eth1 OUT=ppp0 SRC=192.168.1.233 DST=8.8.8.8 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=14900 DF PROTO=UDP SPT=40872 DPT=53 LEN=40 MARK=0x1
Aug  5 03:23:21 xen-dom0 kernel: [116142.495375] DROP!!! IN=eth1 OUT=ppp0 SRC=192.168.1.159 DST=151.99.250.2 LEN=61 TOS=0x00 PREC=0x00 TTL=63 ID=19648 DF PROTO=UDP SPT=54127 DPT=53 LEN=41 MARK=0x1



--- End Message ---
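
Added example (not part of the bug report and not l7-filter code): a Python script that compares the marks recorded in the kernel LOG lines with the marks the INtoOUT ACCEPT rules match, which is the check the report makes by eye. The rules and three of the log lines are copied from the report and joined onto single lines; the function names are hypothetical.

```python
import re
from collections import Counter

# Sample input constructed from the report: INtoOUT rules and three of the logged drops.
RULES = """\
iptables -A INtoOUT -i eth1 -m mark --mark 3 -j ACCEPT
iptables -A INtoOUT -i eth1 -m mark --mark 4 -j ACCEPT
iptables -A INtoOUT -i eth1 -m mark --mark 5 -j ACCEPT
iptables -A INtoOUT -i eth1 -m mark --mark 6 -j ACCEPT
iptables -A INtoOUT -i eth1 -m mark --mark 7 -j ACCEPT
iptables -A INtoOUT -i eth1 -m mark --mark 8 -j ACCEPT
iptables -A INtoOUT -i eth1 -j LOG --log-prefix "DROP!!! "
iptables -A INtoOUT -j DROP
"""
LOG = """\
Aug  5 03:23:06 xen-dom0 kernel: [116126.991650] DROP!!! IN=eth1 OUT=ppp0 SRC=192.168.1.233 DST=74.207.249.60 LEN=76 TOS=0x00 PREC=0xC0 TTL=63 ID=0 DF PROTO=UDP SPT=123 DPT=123 LEN=56 MARK=0x1
Aug  5 03:23:06 xen-dom0 kernel: [116127.768316] DROP!!! IN=eth1 OUT=ppp0 SRC=192.168.1.159 DST=151.99.125.2 LEN=71 TOS=0x00 PREC=0x00 TTL=63 ID=13394 DF PROTO=UDP SPT=40703 DPT=53 LEN=51 MARK=0x1
Aug  5 03:23:15 xen-dom0 kernel: [116136.487151] DROP!!! IN=eth1 OUT=ppp0 SRC=192.168.1.233 DST=8.8.8.8 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=14899 DF PROTO=UDP SPT=40872 DPT=53 LEN=40 MARK=0x1
"""

def accepted_marks(rules, chain):
    """Marks that a '-m mark --mark N ... -j ACCEPT' rule in `chain` lets through."""
    marks = set()
    for line in rules.splitlines():
        m = re.search(r"-A\s+(\S+)\b.*--mark\s+(\S+).*-j\s+ACCEPT", line)
        if m and m.group(1) == chain:
            marks.add(int(m.group(2).split("/")[0], 0))  # accepts 4, 0x4, 0x4/0xff
    return marks

def parse_log_line(line):
    """KEY=VALUE fields of one netfilter LOG line (for a repeated key the last wins)."""
    return dict(re.findall(r"\b([A-Z]+)=(\S*)", line))

def dropped_by_mark(log, prefix="DROP!!!"):
    """Count logged drops per (mark, proto, dport); a line without MARK= counts as 0."""
    counts = Counter()
    for line in log.splitlines():
        if prefix not in line:
            continue
        f = parse_log_line(line)
        counts[(int(f.get("MARK", "0"), 16), f.get("PROTO"), int(f.get("DPT", 0)))] += 1
    return counts

def unmatched_marks(rules, chain, log):
    """Marks seen on dropped packets that no ACCEPT rule in `chain` matches."""
    return {mark for mark, _, _ in dropped_by_mark(log)} - accepted_marks(rules, chain)

if __name__ == "__main__":
    print("accepted:", sorted(accepted_marks(RULES, "INtoOUT")))
    print("seen but never accepted:", sorted(unmatched_marks(RULES, "INtoOUT", LOG)))
```
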
--- Begin Message ---
Version: 0.12-beta1-2+rm

Dear submitter,

as the package l7-filter-userspace has just been removed from the Debian archive
unstable we hereby close the associated bug reports.  We are sorry
that we couldn't deal with your issue properly.

For details on the removal, please see https://bugs.debian.org/735185

The version of this package that was in Debian prior to this removal
can still be found using http://snapshot.debian.org/.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmaster@ftp-master.debian.org.

Debian distribution maintenance software
pp.
Luca Falavigna (the ftpmaster behind the curtain)

--- End Message ---
