alakesh / opendpi Goto Github PK
View Code? Open in Web Editor NEWAutomatically exported from code.google.com/p/opendpi
License: GNU Lesser General Public License v3.0
Automatically exported from code.google.com/p/opendpi
License: GNU Lesser General Public License v3.0
I'm trying to block all traffic for about 1 minute for users that use
bittorrent. To accomplish that I used the following 2 rules:
Rule 1:
iptables -I FORWARD 1 -m recent --name badguy --rcheck --seconds 60 -j DROP
Rule 2:
iptables -I FORWARD 2 -m recent --name badguy --set -j DROP -m opendpi
--bittorrent
I also tried:
iptables -I FORWARD 2 -m recent --name badguy --set -m opendpi --bittorrent -j
DROP
And:
iptables -I FORWARD 2 -j DROP -m recent --name badguy --set -m opendpi
--bittorrent
This doesn't work! because -m recent marks all traffic at rule 2 and then the
rule 1 blocks it for 60 seconds
Is this a bug? Is there another way of doing this?
What version of the product are you using? On what operating system?
Scientific Linux 6.1
kernel 2.6.32-220.2.1.el6.x86_64
OpenDPI V1.3
Netfilter wrapper for OpenDPI 1.2
Thanks
Fernando Reis
Original issue reported on code.google.com by [email protected]
on 19 Jan 2012 at 4:09
1.I have gone thru the sample example code available in the Opendpi package.I
have done code walk thru with the example code.I dont see any RegEx search
involved in OpenDPI.
2.All I can see is layer3/4/5 protocol detection.
2.My query is can OPEN DPI capable of doing RegEx search??
I might be bit naive in asking this question so any Suggestion is appreciated
Regards
Raghu
Original issue reported on code.google.com by [email protected]
on 1 Jun 2011 at 5:20
I've followed the instructions for installation. enabling appropriate kernel
features and patching the opendpi source. upon running make, I get the
following error.
make -C /lib/modules/2.6.35-20-generic-pae/build M=$PWD;
make[2]: Entering directory `/usr/src/linux-headers-2.6.35-20-generic-pae'
CC [M] /usr/src/opendpi-netfilter-wrapper-1.0/wrapper/src/main.o
/usr/src/opendpi-netfilter-wrapper-1.0/wrapper/src/main.c:452: warning:
âstruct xt_match_paramâ declared inside parameter list
/usr/src/opendpi-netfilter-wrapper-1.0/wrapper/src/main.c:452: warning: its
scope is only this definition or declaration, which is probably not what you
want
/usr/src/opendpi-netfilter-wrapper-1.0/wrapper/src/main.c: In function
âopendpi_mtâ:
/usr/src/opendpi-netfilter-wrapper-1.0/wrapper/src/main.c:461: error:
dereferencing pointer to incomplete type
/usr/src/opendpi-netfilter-wrapper-1.0/wrapper/src/main.c: At top level:
/usr/src/opendpi-netfilter-wrapper-1.0/wrapper/src/main.c:597: warning:
initialization from incompatible pointer type
/usr/src/opendpi-netfilter-wrapper-1.0/wrapper/src/main.c:598: warning:
initialization from incompatible pointer type
make[3]: *** [/usr/src/opendpi-netfilter-wrapper-1.0/wrapper/src/main.o] Error 1
make[2]: *** [_module_/usr/src/opendpi-netfilter-wrapper-1.0/wrapper/src] Error
2
make[2]: Leaving directory `/usr/src/linux-headers-2.6.35-20-generic-pae'
make[1]: *** [all] Error 2
make[1]: Leaving directory `/usr/src/opendpi-netfilter-wrapper-1.0/wrapper/src'
make: *** [all] Error 2
Any clues?
Regards,
Tom
Original issue reported on code.google.com by [email protected]
on 27 Oct 2010 at 2:58
What steps will reproduce the problem?
1. Setup OpenDPI netfilter rule to match the battlefield protocol
2. run "watch -n0 iptables -nvL" and monitor the matched packet count
3. Run BF2 and join a server
What is the expected output? What do you see instead?
Expect to see packets match the rule but non match at all
What version of the product are you using? On what operating system?
1.2.0 on Debian Linux 6.0 (Squeeze)
Please provide any additional information below.
The battlefield protocol match patterns seem to search for the string "battlefield2" and a few other things. By using tcpdump and wireshark I have not been able to locate either of these patterns for battlefield 2.
I have reversed the server information packet that is sent to the client on
each connection to the server and modified the battlefield.c source, this works
great and I am able to reliably detect BF2 connections.
I have attached the patch to fix this, but it needs review as BF2 matching may
need to be broken out from BF1942 since this packet is sent only once and the
BF1942 code is designed to sample every N ms.
Original issue reported on code.google.com by [email protected]
on 25 Mar 2011 at 3:44
Attachments:
change first protocol letter multiple comparisons to strpbrk; this makes code
more readable and could increase some performance
change order of checks in whole command comparisons; NTFY is the most frequent
message so this will reduce memcmp calls - increase performance
change search for MGCP string inside packet; code more readable and without
using extra variables and loops probably faster (depend on implementation of
strstr)
Original issue reported on code.google.com by [email protected]
on 22 Oct 2012 at 6:15
my error message is :
make -C ipt
make[1]: Entering directory `/usr/src/opendpi-netfilter-wrapper-1.2/wrapper/ipt'
if test -d opendpi_cpy; then \
cp /usr/src/opendpi-1.3.0/src/* opendpi_cpy -R; \
else \
mkdir opendpi_cpy; \
cp /usr/src/opendpi-1.3.0/src/* opendpi_cpy -R; \
fi
make libxt_opendpi.so
make[2]: Entering directory `/usr/src/opendpi-netfilter-wrapper-1.2/wrapper/ipt'
make[2]: `libxt_opendpi.so' is up to date.
make[2]: Leaving directory `/usr/src/opendpi-netfilter-wrapper-1.2/wrapper/ipt'
rm -r opendpi_cpy
make[1]: Leaving directory `/usr/src/opendpi-netfilter-wrapper-1.2/wrapper/ipt'
make -C src
make[1]: Entering directory `/usr/src/opendpi-netfilter-wrapper-1.2/wrapper/src'
if test -d opendpi_cpy; then \
cp /usr/src/opendpi-1.3.0/src/* opendpi_cpy -R; \
else \
mkdir opendpi_cpy; \
cp /usr/src/opendpi-1.3.0/src/* opendpi_cpy -R; \
fi
make -C /lib/modules/2.6.28/build M=$PWD;
make[2]: Entering directory `/usr/src/linux-2.6.28'
CC [M] /usr/src/opendpi-netfilter-wrapper-1.2/wrapper/src/main.o
/usr/src/opendpi-netfilter-wrapper-1.2/wrapper/src/main.c:362: warning:
‘struct nf_ct_event’ declared inside parameter list
/usr/src/opendpi-netfilter-wrapper-1.2/wrapper/src/main.c:362: warning: its
scope is only this definition or declaration, which is probably not what you
want
/usr/src/opendpi-netfilter-wrapper-1.2/wrapper/src/main.c: In function
‘opendpi_conntrack_event’:
/usr/src/opendpi-netfilter-wrapper-1.2/wrapper/src/main.c:364: error:
dereferencing pointer to incomplete type
/usr/src/opendpi-netfilter-wrapper-1.2/wrapper/src/main.c: At top level:
/usr/src/opendpi-netfilter-wrapper-1.2/wrapper/src/main.c:383: error: variable
‘osdpi_notifier’ has initializer but incomplete type
/usr/src/opendpi-netfilter-wrapper-1.2/wrapper/src/main.c:384: error: unknown
field ‘fcn’ specified in initializer
/usr/src/opendpi-netfilter-wrapper-1.2/wrapper/src/main.c:384: warning: excess
elements in struct initializer
/usr/src/opendpi-netfilter-wrapper-1.2/wrapper/src/main.c:384: warning: (near
initialization for ‘osdpi_notifier’)
/usr/src/opendpi-netfilter-wrapper-1.2/wrapper/src/main.c:457:2: error: invalid
preprocessing directive #opendpi_mt
/usr/src/opendpi-netfilter-wrapper-1.2/wrapper/src/main.c:458: warning:
‘struct xt_action_param’ declared inside parameter list
/usr/src/opendpi-netfilter-wrapper-1.2/wrapper/src/main.c: In function
‘opendpi_mt’:
/usr/src/opendpi-netfilter-wrapper-1.2/wrapper/src/main.c:467: error:
dereferencing pointer to incomplete type
/usr/src/opendpi-netfilter-wrapper-1.2/wrapper/src/main.c: In function
‘opendpi_cleanup’:
/usr/src/opendpi-netfilter-wrapper-1.2/wrapper/src/main.c:592: warning: passing
argument 1 of ‘nf_conntrack_unregister_notifier’ from incompatible pointer
type
/usr/src/opendpi-netfilter-wrapper-1.2/wrapper/src/main.c: At top level:
/usr/src/opendpi-netfilter-wrapper-1.2/wrapper/src/main.c:624: warning:
initialization from incompatible pointer type
/usr/src/opendpi-netfilter-wrapper-1.2/wrapper/src/main.c: In function
‘opendpi_mt_init’:
/usr/src/opendpi-netfilter-wrapper-1.2/wrapper/src/main.c:678: warning: passing
argument 1 of ‘nf_conntrack_register_notifier’ from incompatible pointer
type
make[3]: *** [/usr/src/opendpi-netfilter-wrapper-1.2/wrapper/src/main.o] Error 1
make[2]: *** [_module_/usr/src/opendpi-netfilter-wrapper-1.2/wrapper/src] Error
2
make[2]: Leaving directory `/usr/src/linux-2.6.28'
make[1]: *** [all] Error 2
make[1]: Leaving directory `/usr/src/opendpi-netfilter-wrapper-1.2/wrapper/src'
make: *** [all] Error 2
and
my linux kernel is 2.6.28.
Help me
Original issue reported on code.google.com by [email protected]
on 23 Sep 2011 at 8:41
Steps to reproduce the problem:
1. ./configure goes through fine.
2. But when doing make, it fails on ipq_main.c
make[1]: Entering directory `/root/opendpi-1.2.0/src/lib'
/bin/sh ../../libtool --tag=CC --mode=compile gcc -DPACKAGE_NAME=\"OpenDPI\"
-DPACKAGE_TARNAME=\"opendpi\" -DPACKAGE_VERSION=\"1.2.0\"
-DPACKAGE_STRING=\"OpenDPI\ 1.2.0\" -DPACKAGE_BUGREPORT=\"\" -DPACKAGE_URL=\"\"
-DPACKAGE=\"opendpi\" -DVERSION=\"1.2.0\" -DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1
-DHAVE_SYS_STAT_H=1 -DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_MEMORY_H=1
-DHAVE_STRINGS_H=1 -DHAVE_INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1
-DHAVE_DLFCN_H=1 -DLT_OBJDIR=\".libs/\" -DHAVE_NETINET_IN_H=1 -DHAVE_STDINT_H=1
-DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_UNISTD_H=1 -I. -I../../src/include/
-g -O2 -MT ipq_main.lo -MD -MP -MF .deps/ipq_main.Tpo -c -o ipq_main.lo
ipq_main.c
libtool: compile: gcc -DPACKAGE_NAME=\"OpenDPI\" -DPACKAGE_TARNAME=\"opendpi\"
-DPACKAGE_VERSION=\"1.2.0\" "-DPACKAGE_STRING=\"OpenDPI 1.2.0\""
-DPACKAGE_BUGREPORT=\"\" -DPACKAGE_URL=\"\" -DPACKAGE=\"opendpi\"
-DVERSION=\"1.2.0\" -DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1 -DHAVE_SYS_STAT_H=1
-DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_MEMORY_H=1 -DHAVE_STRINGS_H=1
-DHAVE_INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1 -DHAVE_DLFCN_H=1
-DLT_OBJDIR=\".libs/\" -DHAVE_NETINET_IN_H=1 -DHAVE_STDINT_H=1
-DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_UNISTD_H=1 -I. -I../../src/include/
-g -O2 -MT ipq_main.lo -MD -MP -MF .deps/ipq_main.Tpo -c ipq_main.c -fPIC
-DPIC -o .libs/ipq_main.o
In file included from /usr/include/linux/tcp.h:21,
from ipq_main.h:37,
from ipq_main.c:24:
/usr/include/asm/byteorder.h:6:2: warning: #warning using private kernel
header; include <endian.h> instead!
In file included from /usr/include/netinet/ip6.h:23,
from ipq_main.h:46,
from ipq_main.c:24:
/usr/include/netinet/in.h:354: error: syntax error before '(' token
/usr/include/netinet/in.h:354: error: syntax error before "__u32"
/usr/include/netinet/in.h:355: error: syntax error before '(' token
/usr/include/netinet/in.h:355: error: syntax error before "__u16"
/usr/include/netinet/in.h:357: error: syntax error before '(' token
/usr/include/netinet/in.h:357: error: syntax error before "__u32"
/usr/include/netinet/in.h:359: error: syntax error before '(' token
/usr/include/netinet/in.h:359: error: syntax error before "__u16"
make[1]: *** [ipq_main.lo] Error 1
make[1]: Leaving directory `/root/opendpi-1.2.0/src/lib'
make: *** [all-recursive] Error 1
Kernel Version is:
$ uname -rvm
2.6.9-55.ELsmp #1 SMP Fri Apr 20 17:03:35 EDT 2007 i686
Libpcap is:
$ rpm -qa | grep pcap
libpcap-0.8.3-10.RHEL4
GCC version is:
$ gcc -v
Reading specs from /usr/lib/gcc/i386-redhat-linux/3.4.6/specs
Configured with: ../configure --prefix=/usr --mandir=/usr/share/man
--infodir=/usr/share/info --enable-shared --enable-threads=posix
--disable-checking --with-system-zlib --enable-__cxa_atexit
--disable-libunwind-exceptions --enable-java-awt=gtk --host=i386-redhat-linux
Thread model: posix
gcc version 3.4.6 20060404 (Red Hat 3.4.6-8)
Make version is:
$ make -v
GNU Make 3.80
Original issue reported on code.google.com by [email protected]
on 28 Jul 2010 at 1:22
I'm trying to compile wrapper ver.1.1 and ver.1.2.
I get the exact same error:
make[2]: warning: jobserver unavailable: using -j1. Add `+' to parent make
rule.
LD /var/tmp/portage/net-firewall/opendpi-netfilter-wrapper-1.2-r130/work/opendpi-netfilter-wrapper-1.2/wrapper/src/built-in.o
CC [M] /var/tmp/portage/net-firewall/opendpi-netfilter-wrapper-1.2-r130/work/opendpi-netfilter-wrapper-1.2/wrapper/src/main.o
/var/tmp/portage/net-firewall/opendpi-netfilter-wrapper-1.2-r130/work/opendpi-ne
tfilter-wrapper-1.2/wrapper/src/main.c: In function ‘opendpi_mt’:
/var/tmp/portage/net-firewall/opendpi-netfilter-wrapper-1.2-r130/work/opendpi-ne
tfilter-wrapper-1.2/wrapper/src/main.c:478:2: warning: passing argument 1 of
‘nf_ct_is_untracked’ from incompatible pointer type
include/net/netfilter/nf_conntrack.h:305:50: note: expected ‘const struct
nf_conn *’ but argument is of type ‘const struct sk_buff *’
/var/tmp/portage/net-firewall/opendpi-netfilter-wrapper-1.2-r130/work/opendpi-ne
tfilter-wrapper-1.2/wrapper/src/main.c: In function ‘opendpi_cleanup’:
/var/tmp/portage/net-firewall/opendpi-netfilter-wrapper-1.2-r130/work/opendpi-ne
tfilter-wrapper-1.2/wrapper/src/main.c:609:9: warning: passing argument 1 of
‘nf_conntrack_unregister_notifier’ from incompatible pointer type
include/net/netfilter/nf_conntrack_ecache.h:71:13: note: expected ‘struct net
*’ but argument is of type ‘struct nf_ct_event_notifier *’
/var/tmp/portage/net-firewall/opendpi-netfilter-wrapper-1.2-r130/work/opendpi-ne
tfilter-wrapper-1.2/wrapper/src/main.c:609:9: error: too few arguments to
function ‘nf_conntrack_unregister_notifier’
include/net/netfilter/nf_conntrack_ecache.h:71:13: note: declared here
/var/tmp/portage/net-firewall/opendpi-netfilter-wrapper-1.2-r130/work/opendpi-ne
tfilter-wrapper-1.2/wrapper/src/main.c: In function ‘opendpi_mt_init’:
/var/tmp/portage/net-firewall/opendpi-netfilter-wrapper-1.2-r130/work/opendpi-ne
tfilter-wrapper-1.2/wrapper/src/main.c:695:9: warning: passing argument 1 of
‘nf_conntrack_register_notifier’ from incompatible pointer type
include/net/netfilter/nf_conntrack_ecache.h:70:12: note: expected ‘struct net
*’ but argument is of type ‘struct nf_ct_event_notifier *’
/var/tmp/portage/net-firewall/opendpi-netfilter-wrapper-1.2-r130/work/opendpi-ne
tfilter-wrapper-1.2/wrapper/src/main.c:695:9: error: too few arguments to
function ‘nf_conntrack_register_notifier’
include/net/netfilter/nf_conntrack_ecache.h:70:12: note: declared here
I have: Kernel 3.2.0 x64 Gentoo, iptables 1.4.12.1
I fixed some errors when using: opendpi-netfilter-wrapper-1.1_2.6.36.patch,
opendpi-netfilter-wrapper-1.1_2.6.35_v3.patch
How fix this truble?
Original issue reported on code.google.com by [email protected]
on 9 Jan 2012 at 12:35
What steps will reproduce the problem?
1. make modules_install
2. cp ipt/libxt_opendpi.so /lib/xtables
3. modprobe xt_opendpi
What is the expected output? What do you see instead?
FATAL: Module xt_opendpi not found.
What version of the product are you using? On what operating system?
2.6.38-8-server #42-Ubuntu
Please provide any additional information below.
For some reason I can't get iptables to work with opendpi, the help function
comes up and all the options eg: --bittorrent etc, but I can't put the likes of
this in...
iptables -A FORWARD -s 172.16.20.0/24 -m opendpi --http
iptables -A INPUT -s 172.16.20.0/24 -m opendpi --http -j ACCEPT
iptables -A OUTPUT -s 172.16.20.0/24 -m opendpi --http -j ACCEPT
For some reason it just keeps coming up with...
iptables: No chain/target/match by that name.
If I take the -m opendpi out the rule works just fine.
Cheers
Dan
Original issue reported on code.google.com by [email protected]
on 8 Jul 2011 at 5:27
What steps will reproduce the problem?
1.
2.
3.
What is the expected output? What do you see instead?
What version of the product are you using? On what operating system?
Please provide any additional information below.
Original issue reported on code.google.com by [email protected]
on 3 Feb 2012 at 1:51
What steps will reproduce the problem?
1. Cross compile opendpi-1.2.0 to MIPS32 platform
2. Cross compile opendpi-netfilter-wrapper-1.1 to MIPS platform according to
the instructions.
3. Copy the libxt_opendpi.so file to /lib/xtables directory and xt_opendpi.ko
to the /lib/modules directory on the target.
4. # modprobe xt_opendpi
xt_opendpi 0.1 (OpenDPI wrapper module).
5. # iptables -m opendpi --help
iptables v1.4.10: Couldn't find match `opendpi'
Try `iptables -h' or 'iptables --help' for more information.
What is the expected output? What do you see instead?
The command display available protocols we can match for in every packet.
Instead we are seeing #5 error message mentioned above.
What version of the product are you using? On what operating system?
We are using opendpi-1.2.0 and opendpi-netfilter-wrapper-1.1.
Iptables version is 1.4.10
Kernel version is 2.6.30 on MIPS32.
Please provide any additional information below.
Toolchain used is mips-linux-uclibc-gcc.
Original issue reported on code.google.com by [email protected]
on 27 Apr 2011 at 1:03
What steps will reproduce the problem?
1.
2.
3.
What is the expected output? What do you see instead?
What version of the product are you using? On what operating system?
Please provide any additional information below.
Hi all,
when i am creating work queue's per connection based (srcIp and dstIp)and
caling opendpi for protocol detection then i am getting maximum protocols as
unknown.can any one give me the idea where i am doing wrong or opendpi itself
behaving in that matter...
thanx in advance.
Original issue reported on code.google.com by [email protected]
on 23 Feb 2012 at 7:21
Is there anything i can do to get through this compile?
make -C src
make[1]: Entering directory `/tmp/opendpi-netfilter-wrapper-1.2/wrapper/src'
if test -d opendpi_cpy; then \
cp /tmp/opendpi-1.3.0/src/* opendpi_cpy -R; \
else \
mkdir opendpi_cpy; \
cp /tmp/opendpi-1.3.0/src/* opendpi_cpy -R; \
fi
make -C /lib/modules/2.6.38.8/build M=$PWD;
make[2]: Entering directory `/usr/src/linux-2.6.38-gentoo-r6'
LD /tmp/opendpi-netfilter-wrapper-1.2/wrapper/src/built-in.o
CC [M] /tmp/opendpi-netfilter-wrapper-1.2/wrapper/src/main.o
/tmp/opendpi-netfilter-wrapper-1.2/wrapper/src/main.c:362: warning: 'struct
nf_ct_event' declared inside parameter list
/tmp/opendpi-netfilter-wrapper-1.2/wrapper/src/main.c:362: warning: its scope
is only this definition or declaration, which is probably not what you want
/tmp/opendpi-netfilter-wrapper-1.2/wrapper/src/main.c: In function
'opendpi_conntrack_event':
/tmp/opendpi-netfilter-wrapper-1.2/wrapper/src/main.c:364: error: dereferencing
pointer to incomplete type
/tmp/opendpi-netfilter-wrapper-1.2/wrapper/src/main.c: At top level:
/tmp/opendpi-netfilter-wrapper-1.2/wrapper/src/main.c:383: error: variable
'osdpi_notifier' has initializer but incomplete type
/tmp/opendpi-netfilter-wrapper-1.2/wrapper/src/main.c:384: error: unknown field
'fcn' specified in initializer
/tmp/opendpi-netfilter-wrapper-1.2/wrapper/src/main.c:384: warning: excess
elements in struct initializer
/tmp/opendpi-netfilter-wrapper-1.2/wrapper/src/main.c:384: warning: (near
initialization for 'osdpi_notifier')
/tmp/opendpi-netfilter-wrapper-1.2/wrapper/src/main.c:457: warning: 'struct
xt_match_param' declared inside parameter list
/tmp/opendpi-netfilter-wrapper-1.2/wrapper/src/main.c: In function 'opendpi_mt':
/tmp/opendpi-netfilter-wrapper-1.2/wrapper/src/main.c:466: error: dereferencing
pointer to incomplete type
/tmp/opendpi-netfilter-wrapper-1.2/wrapper/src/main.c:475: warning: passing
argument 1 of 'nf_ct_is_untracked' from incompatible pointer type
include/net/netfilter/nf_conntrack.h:293: note: expected 'const struct nf_conn
*' but argument is of type 'const struct sk_buff *'
/tmp/opendpi-netfilter-wrapper-1.2/wrapper/src/main.c: In function
'opendpi_cleanup':
/tmp/opendpi-netfilter-wrapper-1.2/wrapper/src/main.c:591: error: implicit
declaration of function 'nf_conntrack_unregister_notifier'
/tmp/opendpi-netfilter-wrapper-1.2/wrapper/src/main.c: At top level:
/tmp/opendpi-netfilter-wrapper-1.2/wrapper/src/main.c:623: warning:
initialization from incompatible pointer type
/tmp/opendpi-netfilter-wrapper-1.2/wrapper/src/main.c:624: warning:
initialization from incompatible pointer type
/tmp/opendpi-netfilter-wrapper-1.2/wrapper/src/main.c: In function
'opendpi_mt_init':
/tmp/opendpi-netfilter-wrapper-1.2/wrapper/src/main.c:677: error: implicit
declaration of function 'nf_conntrack_register_notifier'
At top level:
cc1: warning: unrecognized command line option "-Wno-unused-but-set-variable"
make[3]: *** [/tmp/opendpi-netfilter-wrapper-1.2/wrapper/src/main.o] Error 1
make[2]: *** [_module_/tmp/opendpi-netfilter-wrapper-1.2/wrapper/src] Error 2
make[2]: Leaving directory `/usr/src/linux-2.6.38-gentoo-r6'
make[1]: *** [all] Error 2
make[1]: Leaving directory `/tmp/opendpi-netfilter-wrapper-1.2/wrapper/src'
make: *** [all] Error 2
Original issue reported on code.google.com by [email protected]
on 12 Aug 2011 at 3:12
Can OpenDPI label the packets?
I want to label the packets with its application protocols. such as
http protocol, in other way, I want to mark its application protocol
in the packet.
if it can, how to do this?
Original issue reported on code.google.com by [email protected]
on 14 Oct 2011 at 8:34
Hi, I tried to compile opendpi-netfilter-wrapper-1.2 into kernel 2.6.39 for
archlinux , when make ,the following error occurred:
.../opendpi-netfilter-wrapper-1.2/wrapper # make
make -C ipt
make[1]: Entering directory
`/usr/local/src/opendpi-netfilter-wrapper-1.2/wrapper/ipt'
if test -d opendpi_cpy; then \
cp /usr/local/src/opendpi-1.3.0/src/* opendpi_cpy -R; \
else \
mkdir opendpi_cpy; \
cp /usr/local/src/opendpi-1.3.0/src/* opendpi_cpy -R; \
fi
make libxt_opendpi.so
make[2]: Entering directory
`/usr/local/src/opendpi-netfilter-wrapper-1.2/wrapper/ipt'
make[2]: `libxt_opendpi.so' is up to date.
make[2]: Leaving directory
`/usr/local/src/opendpi-netfilter-wrapper-1.2/wrapper/ipt'
rm -r opendpi_cpy
make[1]: Leaving directory
`/usr/local/src/opendpi-netfilter-wrapper-1.2/wrapper/ipt'
make -C src
make[1]: Entering directory
`/usr/local/src/opendpi-netfilter-wrapper-1.2/wrapper/src'
if test -d opendpi_cpy; then \
cp /usr/local/src/opendpi-1.3.0/src/* opendpi_cpy -R; \
else \
mkdir opendpi_cpy; \
cp /usr/local/src/opendpi-1.3.0/src/* opendpi_cpy -R; \
fi
make -C /lib/modules/2.6.39-ARCH/build M=$PWD;
make[2]: Entering directory `/usr/src/linux-2.6.39-ARCH'
LD /usr/local/src/opendpi-netfilter-wrapper-1.2/wrapper/src/built-in.o
CC [M] /usr/local/src/opendpi-netfilter-wrapper-1.2/wrapper/src/main.o
/usr/local/src/opendpi-netfilter-wrapper-1.2/wrapper/src/main.c:457:52:
warning: ‘struct xt_match_param’ declared inside parameter list [enabled by
default]
/usr/local/src/opendpi-netfilter-wrapper-1.2/wrapper/src/main.c:457:52:
warning: its scope is only this definition or declaration, which is probably
not what you want [enabled by default]
/usr/local/src/opendpi-netfilter-wrapper-1.2/wrapper/src/main.c: In function
‘opendpi_mt’:
/usr/local/src/opendpi-netfilter-wrapper-1.2/wrapper/src/main.c:466:44: error:
dereferencing pointer to incomplete type
/usr/local/src/opendpi-netfilter-wrapper-1.2/wrapper/src/main.c:475:2: warning:
passing argument 1 of ‘nf_ct_is_untracked’ from incompatible pointer type
[enabled by default]
include/net/netfilter/nf_conntrack.h:306:19: note: expected ‘const struct
nf_conn *’ but argument is of type ‘const struct sk_buff *’
/usr/local/src/opendpi-netfilter-wrapper-1.2/wrapper/src/main.c: At top level:
/usr/local/src/opendpi-netfilter-wrapper-1.2/wrapper/src/main.c:623:2: warning:
initialization from incompatible pointer type [enabled by default]
/usr/local/src/opendpi-netfilter-wrapper-1.2/wrapper/src/main.c:623:2: warning:
(near initialization for ‘opendpi_mt_reg.match’) [enabled by default]
/usr/local/src/opendpi-netfilter-wrapper-1.2/wrapper/src/main.c:624:2: warning:
initialization from incompatible pointer type [enabled by default]
/usr/local/src/opendpi-netfilter-wrapper-1.2/wrapper/src/main.c:624:2: warning:
(near initialization for ‘opendpi_mt_reg.checkentry’) [enabled by default]
make[3]: *** [/usr/local/src/opendpi-netfilter-wrapper-1.2/wrapper/src/main.o]
Error 1
make[2]: *** [_module_/usr/local/src/opendpi-netfilter-wrapper-1.2/wrapper/src]
Error 2
make[2]: Leaving directory `/usr/src/linux-2.6.39-ARCH'
make[1]: *** [all] Error 2
make[1]: Leaving directory
`/usr/local/src/opendpi-netfilter-wrapper-1.2/wrapper/src'
make: *** [all] Error 2
anybody help me? Thanks in advance!
Original issue reported on code.google.com by [email protected]
on 28 Jul 2011 at 6:59
The autotools-base build systems generate lots of intermediate files, need an
'autogen.sh' step before creating a distributable release, are slow, cryptic,
and depend on the version of autotools installed on the build machine.
You end up inserting lots of awful stuff into the autoconf and automake sources
to keep portability.
And I'm not talking about libtool hell.
For such a small project, it would be handy to have something more efficient,
easier to maintain and extend, and that relies on as few external dependencies
as possible.
Waf is designed that way, you only need python, that's all (and a C toolchain,
obviously, because it is a C project). And since you include the waf script
(i.e. the _whole_ build system) with the sources, you are certain everyone has
the same version of the build system.
Here is a patch that adds the waf build system, a wscript (replaces ALL the
configure and makefiles of the project in 31 lines) and updates README and NEWS
accordingly.
Thanks for taking a few minutes to at least look at it before saying "It's not
autotools, we don't want that", I'm sure you'll be convinced.
With kind regards,
Lionel
Original issue reported on code.google.com by [email protected]
on 24 Jun 2011 at 3:17
What steps will reproduce the problem?
iptables -F -t mangle
iptables -t mangle -A PREROUTING -p udp -j CONNMARK --restore-mark
iptables -t mangle -A PREROUTING -p tcp -j CONNMARK --restore-mark
iptables -t mangle -A PREROUTING -p udp -m mark ! --mark 0 -j ACCEPT
iptables -t mangle -A PREROUTING -p tcp -m mark ! --mark 0 -j ACCEPT
iptables -t mangle -A PREROUTING -p udp -m opendpi --sip -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -p udp -m opendpi --iax -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -p udp -m opendpi --mgcp -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -p udp -m opendpi --truphone -j MARK
--set-mark 1
iptables -t mangle -A PREROUTING -p udp -m opendpi --rtp -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -p tcp -m opendpi --sip -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -p tcp -m opendpi --iax -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -p tcp -m opendpi --mgcp -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -p tcp -m opendpi --truphone -j MARK
--set-mark 1
iptables -t mangle -A PREROUTING -p tcp -m opendpi --rtp -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -p udp -m mark --mark 1 -j CONNMARK --save-mark
iptables -t mangle -A PREROUTING -p tcp -m mark --mark 1 -j CONNMARK --save-mark
iptables -t mangle -A POSTROUTING -o ppp+ -m mark --mark 1 -j CLASSIFY
--set-class 1:10
There is huge amount of kernel warrning "xt_opendpi: ignoring untracked sk_buff"
What version of the product are you using? On what operating system?
opendpi-1.2.0
opendpi-netfilter-wrapper-1.1 with opendpi-netfilter-wrapper-1.1_2.6.35_v2.patch
Linux 2.6.37 SMP i686 Intel(R) Xeon(TM) CPU 3.06GHz GenuineIntel
iptables v1.4.2
Original issue reported on code.google.com by [email protected]
on 27 Jan 2011 at 10:29
What steps will reproduce the problem?
1. openwrt backfire insmod give erro xt_opendpi: Unknown symbol
nf_conntrack_register_notifier
2.
3.
What is the expected output? What do you see instead?
xt_opendpi: Unknown symbol nf_conntrack_register_notifier
What version of the product are you using? On what operating system?
openwrt backfire rc5 kernel 2.6.32.27
Please provide any additional information below.
Original issue reported on code.google.com by [email protected]
on 26 Dec 2011 at 9:13
What steps will reproduce the problem?
1. sudo apt-get install gcc make libpcap-dev
2.
3.
What is the expected output? What do you see instead?
apt-get command not found
What version of the product are you using? On what operating system?
2.6.23.1-42.fc8
Please provide any additional information below.
Original issue reported on code.google.com by [email protected]
on 9 Jan 2010 at 8:08
What steps will reproduce the problem?
1. Download OpenDPI with
http://opendpi.googlecode.com/files/OpenDPI_1.0.1.tar.gz
2. untar and in the OpenDPI directory run make
3. [root@localhost OpenDPI]# uname -r
2.6.29.4-167.fc11.i586
What is the expected output? What do you see instead?
compile fails as:
OpenDPI]# make
cd ./lib && cc -c -I ../include -O2 -g -pipe -Wall -Wimplicit -Wunused
-Wcomment -Wchar-subscripts -Wuninitialized -Wparentheses -Wformat -Winline
-Wreturn-type -fPIC -Wmissing-prototypes -Wundef -Wstrict-prototypes
-Wno-trigraphs -fno-strict-aliasing -fno-common
-Werror-implicit-function-declaration -maccumulate-outgoing-args
-Wno-sign-compare -fno-asynchronous-unwind-tables -fomit-frame-pointer
-Werror -D_FILE_OFFSET_BITS=64 *.c
cd ./lib/protocols && cc -c -I .. -I ../../include -O2 -g -pipe -Wall
-Wimplicit -Wunused -Wcomment -Wchar-subscripts -Wuninitialized
-Wparentheses -Wformat -Winline -Wreturn-type -fPIC -Wmissing-prototypes
-Wundef -Wstrict-prototypes -Wno-trigraphs -fno-strict-aliasing -fno-common
-Werror-implicit-function-declaration -maccumulate-outgoing-args
-Wno-sign-compare -fno-asynchronous-unwind-tables -fomit-frame-pointer
-Werror -D_FILE_OFFSET_BITS=64 *.c
ar rcs ./libOpenDPI.a ./lib/*.o ./lib/protocols/*.o
cc -O2 -g -pipe -Wall -Wimplicit -Wunused -Wcomment -Wchar-subscripts
-Wuninitialized -Wparentheses -Wformat -Winline -Wreturn-type -fPIC
-Wmissing-prototypes -Wundef -Wstrict-prototypes -Wno-trigraphs
-fno-strict-aliasing -fno-common -Werror-implicit-function-declaration
-maccumulate-outgoing-args -Wno-sign-compare
-fno-asynchronous-unwind-tables -fomit-frame-pointer -Werror
-D_FILE_OFFSET_BITS=64 -I include OpenDPI_demo.c libOpenDPI.a -lpcap -o
OpenDPI_demo
OpenDPI_demo.c:37:18: error: pcap.h: No such file or directory
OpenDPI_demo.c:45: error: âPCAP_ERRBUF_SIZEâ undeclared here (not in a
function)
OpenDPI_demo.c:46: error: expected â=â, â,â, â;â, âasmâ or
â__attribute__â
before â*â token
OpenDPI_demo.c: In function âopenPcapFileâ:
OpenDPI_demo.c:465: error: â_pcap_handleâ undeclared (first use in this
function)
OpenDPI_demo.c:465: error: (Each undeclared identifier is reported only once
OpenDPI_demo.c:465: error: for each function it appears in.)
OpenDPI_demo.c:465: error: implicit declaration of function
âpcap_open_offlineâ
OpenDPI_demo.c:471: error: implicit declaration of function âpcap_datalinkâ
OpenDPI_demo.c: In function âclosePcapFileâ:
OpenDPI_demo.c:476: error: â_pcap_handleâ undeclared (first use in this
function)
OpenDPI_demo.c:477: error: implicit declaration of function âpcap_closeâ
cc1: warnings being treated as errors
OpenDPI_demo.c: At top level:
OpenDPI_demo.c:482: error: âstruct pcap_pkthdrâ declared inside parameter list
OpenDPI_demo.c:482: error: its scope is only this definition or
declaration, which is probably not what you want
OpenDPI_demo.c: In function âpcap_packet_callbackâ:
OpenDPI_demo.c:493: error: dereferencing pointer to incomplete type
OpenDPI_demo.c:494: error: dereferencing pointer to incomplete type
OpenDPI_demo.c:505: error: âDLT_EN10MBâ undeclared (first use in this
function)
OpenDPI_demo.c:506: error: dereferencing pointer to incomplete type
OpenDPI_demo.c:508: error: dereferencing pointer to incomplete type
OpenDPI_demo.c:508: error: dereferencing pointer to incomplete type
OpenDPI_demo.c:528: error: dereferencing pointer to incomplete type
OpenDPI_demo.c:528: error: dereferencing pointer to incomplete type
OpenDPI_demo.c: In function ârunPcapLoopâ:
OpenDPI_demo.c:535: error: â_pcap_handleâ undeclared (first use in this
function)
OpenDPI_demo.c:536: error: implicit declaration of function âpcap_loopâ
make: *** [demo_program] Error 1
[root@localhost OpenDPI]#
What version of the product are you using? On what operating system?
2.6.29.4-167.fc11.i586
Original issue reported on code.google.com by [email protected]
on 6 Oct 2009 at 2:19
Here is the error I'm getting when trying to compile.
My distribution is Centos 5.5
Kernel: 2.6.18-194.32.1.el5
OPENDPI_PATH=/usr/local/src/opendpi-1.3.0 make
make -C ipt
make[1]: Entering directory
`/usr/local/src/opendpi-netfilter-wrapper-1.2/wrapper/ipt'
if test -d opendpi_cpy; then \
cp /usr/local/src/opendpi-1.3.0/src/* opendpi_cpy -R; \
else \
mkdir opendpi_cpy; \
cp /usr/local/src/opendpi-1.3.0/src/* opendpi_cpy -R; \
fi
make libxt_opendpi.so
make[2]: Entering directory
`/usr/local/src/opendpi-netfilter-wrapper-1.2/wrapper/ipt'
gcc -fPIC -Iopendpi_cpy/include -Iopendpi_cpy/lib -I../src
-DOPENDPI_NETFILTER_MODULE -O2 -Wall -D_INIT=libxt_opendpi_init -c -o
libxt_opendpi.o libxt_opendpi.c;
libxt_opendpi.c:34: warning: ‘struct xt_entry_match’ declared inside
parameter list
libxt_opendpi.c:34: warning: its scope is only this definition or declaration,
which is probably not what you want
libxt_opendpi.c: In function ‘opendpi_mt4_save’:
libxt_opendpi.c:36: error: dereferencing pointer to incomplete type
libxt_opendpi.c: At top level:
libxt_opendpi.c:49: warning: ‘struct xt_entry_match’ declared inside
parameter list
libxt_opendpi.c: In function ‘opendpi_mt4_print’:
libxt_opendpi.c:51: error: dereferencing pointer to incomplete type
libxt_opendpi.c: At top level:
libxt_opendpi.c:64: warning: ‘struct xt_entry_match’ declared inside
parameter list
libxt_opendpi.c: In function ‘opendpi_mt4_parse’:
libxt_opendpi.c:66: error: dereferencing pointer to incomplete type
libxt_opendpi.c:76: error: ‘true’ undeclared (first use in this function)
libxt_opendpi.c:76: error: (Each undeclared identifier is reported only once
libxt_opendpi.c:76: error: for each function it appears in.)
libxt_opendpi.c:80: error: ‘false’ undeclared (first use in this function)
libxt_opendpi.c: In function ‘opendpi_mt_check’:
libxt_opendpi.c:91: warning: implicit declaration of function ‘exit_error’
libxt_opendpi.c:91: error: ‘PARAMETER_PROBLEM’ undeclared (first use in
this function)
libxt_opendpi.c: At top level:
libxt_opendpi.c:111: warning: ‘struct xt_entry_match’ declared inside
parameter list
libxt_opendpi.c: In function ‘opendpi_mt_init’:
libxt_opendpi.c:113: error: dereferencing pointer to incomplete type
libxt_opendpi.c:113: warning: unused variable ‘info’
libxt_opendpi.c: At top level:
libxt_opendpi.c:121: error: variable ‘opendpi_mt4_reg’ has initializer but
incomplete type
libxt_opendpi.c:122: error: unknown field ‘version’ specified in initializer
libxt_opendpi.c:122: error: ‘XTABLES_VERSION’ undeclared here (not in a
function)
libxt_opendpi.c:122: warning: excess elements in struct initializer
libxt_opendpi.c:122: warning: (near initialization for ‘opendpi_mt4_reg’)
libxt_opendpi.c:123: error: unknown field ‘name’ specified in initializer
libxt_opendpi.c:123: warning: excess elements in struct initializer
libxt_opendpi.c:123: warning: (near initialization for ‘opendpi_mt4_reg’)
libxt_opendpi.c:124: error: unknown field ‘revision’ specified in
initializer
libxt_opendpi.c:124: warning: excess elements in struct initializer
libxt_opendpi.c:124: warning: (near initialization for ‘opendpi_mt4_reg’)
libxt_opendpi.c:125: error: unknown field ‘family’ specified in initializer
libxt_opendpi.c:125: warning: excess elements in struct initializer
libxt_opendpi.c:125: warning: (near initialization for ‘opendpi_mt4_reg’)
libxt_opendpi.c:126: error: unknown field ‘size’ specified in initializer
libxt_opendpi.c:126: warning: implicit declaration of function ‘XT_ALIGN’
libxt_opendpi.c:126: warning: excess elements in struct initializer
libxt_opendpi.c:126: warning: (near initialization for ‘opendpi_mt4_reg’)
libxt_opendpi.c:127: error: unknown field ‘userspacesize’ specified in
initializer
libxt_opendpi.c:127: warning: excess elements in struct initializer
libxt_opendpi.c:127: warning: (near initialization for ‘opendpi_mt4_reg’)
libxt_opendpi.c:128: error: unknown field ‘help’ specified in initializer
libxt_opendpi.c:128: warning: excess elements in struct initializer
libxt_opendpi.c:128: warning: (near initialization for ‘opendpi_mt4_reg’)
libxt_opendpi.c:129: error: unknown field ‘init’ specified in initializer
libxt_opendpi.c:129: warning: excess elements in struct initializer
libxt_opendpi.c:129: warning: (near initialization for ‘opendpi_mt4_reg’)
libxt_opendpi.c:130: error: unknown field ‘parse’ specified in initializer
libxt_opendpi.c:130: warning: excess elements in struct initializer
libxt_opendpi.c:130: warning: (near initialization for ‘opendpi_mt4_reg’)
libxt_opendpi.c:131: error: unknown field ‘final_check’ specified in
initializer
libxt_opendpi.c:131: warning: excess elements in struct initializer
libxt_opendpi.c:131: warning: (near initialization for ‘opendpi_mt4_reg’)
libxt_opendpi.c:132: error: unknown field ‘print’ specified in initializer
libxt_opendpi.c:132: warning: excess elements in struct initializer
libxt_opendpi.c:132: warning: (near initialization for ‘opendpi_mt4_reg’)
libxt_opendpi.c:133: error: unknown field ‘save’ specified in initializer
libxt_opendpi.c:133: warning: excess elements in struct initializer
libxt_opendpi.c:133: warning: (near initialization for ‘opendpi_mt4_reg’)
libxt_opendpi.c:134: error: unknown field ‘extra_opts’ specified in
initializer
libxt_opendpi.c:134: warning: excess elements in struct initializer
libxt_opendpi.c:134: warning: (near initialization for ‘opendpi_mt4_reg’)
libxt_opendpi.c: In function ‘_init’:
libxt_opendpi.c:143: error: ‘false’ undeclared (first use in this function)
libxt_opendpi.c:151: warning: implicit declaration of function
‘xtables_register_match’
make[2]: *** [libxt_opendpi.o] Error 1
make[2]: Leaving directory
`/usr/local/src/opendpi-netfilter-wrapper-1.2/wrapper/ipt'
make[1]: *** [all] Error 2
make[1]: Leaving directory
`/usr/local/src/opendpi-netfilter-wrapper-1.2/wrapper/ipt'
make: *** [all] Error 2
Is it possible I can compile netfilter-wrapper under < 2.6.35 kernel?
Original issue reported on code.google.com by [email protected]
on 8 Feb 2012 at 12:35
Hi,
The attached patch provides adds FreeBSD support to OpenDPI (and it should
also work with other BSDs as well).
Let me know if you're also interested in a patch that adds basic CMake
support, compiling it as a shared library instead too.
Regards,
Original issue reported on code.google.com by [email protected]
on 6 Oct 2009 at 5:09
Attachments:
What steps will reproduce the problem?
1. Fedora 13 + all updates
2. make in wrapper directory
3.
What is the expected output? What do you see instead?
This is my command line output:
[root@s1 wrapper]# make
make -C ipt
make[1]: Entering directory `/media/DATA/opendpi_wrapper_normal/wrapper/ipt'
if test -d opendpi_cpy; then \
cp /media/DATA/__neu_AXP/opendpi_wrapper_axp/opendpi-1.2.0/src/* opendpi_cpy -R; \
else \
mkdir opendpi_cpy; \
cp /media/DATA/__neu_AXP/opendpi_wrapper_axp/opendpi-1.2.0/src/* opendpi_cpy -R; \
fi
make libxt_opendpi.so
make[2]: Entering directory `/media/DATA/opendpi_wrapper_normal/wrapper/ipt'
gcc -fPIC -Iopendpi_cpy/include -Iopendpi_cpy/lib -I../src
-DOPENDPI_NETFILTER_MODULE -O2 -Wall -D_INIT=libxt_opendpi_init -c -o
libxt_opendpi.o libxt_opendpi.c;
libxt_opendpi.c: In function ‘opendpi_mt_init’:
libxt_opendpi.c:115: warning: unused variable ‘info’
libxt_opendpi.c: At top level:
libxt_opendpi.c:132: warning: implicit declaration of function ‘ALIGN’
libxt_opendpi.c:132: error: initializer element is not constant
libxt_opendpi.c:132: error: (near initialization for ‘opendpi_mt4_reg.size’)
libxt_opendpi.c:133: error: initializer element is not constant
libxt_opendpi.c:133: error: (near initialization for
‘opendpi_mt4_reg.userspacesize’)
make[2]: *** [libxt_opendpi.o] Error 1
make[2]: Leaving directory `/media/DATA/opendpi_wrapper_normal/wrapper/ipt'
make[1]: *** [all] Error 2
make[1]: Leaving directory `/media/DATA/opendpi_wrapper_normal/wrapper/ipt'
make: *** [all] Error 2
What version of the product are you using? On what operating system?
Fedora 13 with 2.6.34.7-66.fc13.i686.PAE kernel
kernel-devel, iptables-devel, kernel-headers-2.6.34.7-66.fc13 installed
opendpi wrapper 1.1 without special patches and opendpi 1.2
Please provide any additional information below.
Original issue reported on code.google.com by [email protected]
on 24 Feb 2011 at 2:31
Hi,
Please tell me how and where to integrate OpenDPI engine with ATCA PP-50 device.
Thanks in advance,
Nirmala
Original issue reported on code.google.com by [email protected]
on 8 Jun 2010 at 5:37
Hi,
The attached patch fixes a problem with BitTorrent detection. The 1.0.1
code will enter detection stage 1 after the first packet analyzed in the
flow. However, the first packet in the flow generally corresponds to the
TCP handshake, without a payload. Even then, the code enters stage 1 and so
stage 0 analysis is never performed for that flow anymore.
The attached patch corrects this behavior by not entering stage 0 analysis
or bumping the detection stage to stage 1 unless there is a payload.
Running the vanilla OpenDPI demo on a pcap file created by downloading 5%
of a Ubuntu ISO with rTorrent shows 4054 unknown packets. After patching
and recompiling, there are only 154 unknown packets and 3907 packets were
recognized as BitTorrent traffic.
I unfortunately can't provide the pcap file because it contains sensitive
data. However, if you can't reproduce it, I might be able to filter out
that sensitive stuff out of the pcap and hand it to you guys.
The attached patch is in unified diff format and should apply cleanly
against bittorrent.c from the 1.0.1 release.
Original issue reported on code.google.com by [email protected]
on 9 Oct 2009 at 7:54
Attachments:
What steps will reproduce the problem?
1.
2.
3.
What is the expected output? What do you see instead?
What version of the product are you using? On what operating system?
Please provide any additional information below.
Original issue reported on code.google.com by [email protected]
on 24 Feb 2012 at 11:18
What steps will reproduce the problem?
1. Compiling opendpi-wrapper 1.2.0 on a SLES 10 system
What is the expected output?
A compiled module
What do you see instead?
make -C ipt
make[1]: Entering directory `/root/opendpi-netfilter-wrapper-1.2/wrapper/ipt'
if test -d opendpi_cpy; then \
cp /root/opendpi-1.3.0/src/* opendpi_cpy -R; \
else \
mkdir opendpi_cpy; \
cp /root/opendpi-1.3.0/src/* opendpi_cpy -R; \
fi
make libxt_opendpi.so
make[2]: Entering directory `/root/opendpi-netfilter-wrapper-1.2/wrapper/ipt'
gcc -fPIC -Iopendpi_cpy/include -Iopendpi_cpy/lib -I../src
-DOPENDPI_NETFILTER_MODULE -O2 -Wall -D_INIT=libxt_opendpi_init -c -o
libxt_opendpi.o libxt_opendpi.c;
libxt_opendpi.c: In function ‘opendpi_mt4_save’:
libxt_opendpi.c:36: error: dereferencing pointer to incomplete type
libxt_opendpi.c: In function ‘opendpi_mt4_print’:
libxt_opendpi.c:51: error: dereferencing pointer to incomplete type
libxt_opendpi.c: In function ‘opendpi_mt4_parse’:
libxt_opendpi.c:66: error: dereferencing pointer to incomplete type
libxt_opendpi.c: In function ‘opendpi_mt_init’:
libxt_opendpi.c:113: error: dereferencing pointer to incomplete type
libxt_opendpi.c:113: warning: unused variable ‘info’
libxt_opendpi.c: At top level:
libxt_opendpi.c:129: warning: initialization from incompatible pointer type
libxt_opendpi.c:130: warning: initialization from incompatible pointer type
libxt_opendpi.c:132: warning: initialization from incompatible pointer type
libxt_opendpi.c:133: warning: initialization from incompatible pointer type
make[2]: *** [libxt_opendpi.o] Error 1
make[2]: Leaving directory `/root/opendpi-netfilter-wrapper-1.2/wrapper/ipt'
make[1]: *** [all] Error 2
make[1]: Leaving directory `/root/opendpi-netfilter-wrapper-1.2/wrapper/ipt'
make: *** [all] Error 2
What version of the product are you using?
OPENDPI 1.3.0
OPENDPI-NETWRAPPER 1.2.0
On what operating system?
SLES 10 SP3 with IPtables 1.4.2
Please provide any additional information below.
Original issue reported on code.google.com by [email protected]
on 6 Mar 2012 at 4:10
What steps will reproduce the problem?
1. Insmod xt_opendip.ko and later nf_conntrack_netlink.ko or vice-versa.
What is the expected output? What do you see instead?
shows device or resource busy.
What version of the product are you using? On what operating system?
working with fedora12 kernel version 2.6.32.21
Please provide any additional information below.
console log shows:
insmod: error inserting 'src/xt_opendpi.ko': -1 Device or resource busy
dmesg shows:
ctnetlink v0.93: registering with nfnetlink.
xt_opendpi 0.1 (OpenDPI wrapper module).
xt_opendpi: error registering notifier.
This will happen if You have CONFIG_NF_CONNTRACK_EVENTS enabled.
#ifdef CONFIG_NF_CONNTRACK_EVENTS
ret = nf_conntrack_register_notifier(&ctnl_notifier);
if (ret < 0) {
pr_err("ctnetlink_init: cannot register notifier.\n");
goto err_unreg_exp_subsys;
}
ret = nf_ct_expect_register_notifier(&ctnl_notifier_exp);
if (ret < 0) {
pr_err("ctnetlink_init: cannot expect register notifier.\n");
goto err_unreg_notifier;
}
#endif
Above code is from ctnetlink_init function.
nf_conntrack_register_notifier code is exclusive and protected by rcu locking.
We may not be able to use both nf_conntrack_netlink( needed for
conntrack-tools) and opendpi with both registering notifier for events.
Original issue reported on code.google.com by shail140284
on 22 Oct 2010 at 5:59
When using ipp2p with conntrack states, the following syntax works:
iptables -A OUTPUT -p tcp -m ipp2p --winmx -m conntrack --ctstate ESTABLISHED
-j DROP
This same syntax using the opendpi module does NOT work. Eg:
iptables -A OUTPUT -p tcp -m opendpi --winmx -m conntrack --ctstate ESTABLISHED
-j DROP
...gives an error:
xt_opendpi: You need to specify at least one protocol
Switching the order of operators fixes the problem, but this appears to be
inconsistent with other modules:
iptables -A OUTPUT -p tcp -m opendpi -m conntrack --ctstate ESTABLISHED --winmx
-j DROP
I'm trying to add support for OpenDPI in Shorewall, and this change of syntax
is causing issues.
Thanks in advance!
Original issue reported on code.google.com by [email protected]
on 18 Jul 2011 at 6:08
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.