Re: [tproxy] libipt_TPROXY.so not compiled

4 Sep 2007

      Hello Laszlo,

I downloaded the latest tproxy version and tried from scratch and
attempted the below.

root@syd-log01:/root# tar -zxf tproxy-4.0.2-2.6.22.tgz
root@syd-log01:/root# cd /usr/src/iptables-1.3.6/
root@syd-log01:/usr/src/iptables-1.3.6# cat
/root/tproxy-4.0.2-2.6.22/patches/
iptables-svn.diff  tproxy.diff       
root@syd-log01:/usr/src/iptables-1.3.6# cat
/root/tproxy-4.0.2-2.6.22/patches/iptables-svn.diff | patch -p1
patching file extensions/libip6t_tproxy.man
patching file extensions/libipt_tproxy.man
patching file extensions/libipt_TPROXY.man
patching file extensions/libxt_tproxy.c
patching file extensions/libxt_TPROXY.c
patching file extensions/libxt_tproxy.c.old
patching file extensions/Makefile
Hunk #1 succeeded at 25 (offset -4 lines).
Hunk #2 succeeded at 127 (offset -19 lines).
Hunk #3 succeeded at 141 (offset -19 lines).
Hunk #4 succeeded at 155 (offset -19 lines).
Hunk #5 succeeded at 169 (offset -19 lines).
patching file extensions/.tproxy-testx
root@syd-log01:/usr/src/iptables-1.3.6#
root@syd-log01:/usr/src/iptables-1.3.6# chmod +x extensions/.tproxy-testx
root@syd-log01:/usr/src/iptables-1.3.6# make KERNDIR=/usr/src/linux >
make.log
libiptc/libip4tc.c:130: warning: â€˜dump_entryâ€™ defined but not used
ar: creating libiptc/libiptc.a
libiptc/libip6tc.c:135: warning: â€˜dump_entryâ€™ defined but not used
ar: creating libipq/libipq.a
root@syd-log01:/usr/src/iptables-1.3.6# grep -i proxy make.log
root@syd-log01:/usr/src/iptables-1.3.6#
root@syd-log01:/usr/src/iptables-1.3.6# ls -la extensions/ | grep -i proxy
-rw-r--r-- 1 root root     51 2007-09-04 16:40 libip6t_tproxy.man
-rw-r--r-- 1 root root     51 2007-09-04 16:40 libipt_tproxy.man
-rw-r--r-- 1 root root    790 2007-09-04 16:40 libipt_TPROXY.man
-rw-r--r-- 1 root root   1914 2007-09-04 16:40 libxt_tproxy.c
-rw-r--r-- 1 root root   3065 2007-09-04 16:40 libxt_TPROXY.c
-rw-r--r-- 1 root root   1495 2007-09-04 16:40 libxt_tproxy.c.old
-rwxr-xr-x 1 root root    100 2007-09-04 16:40 .tproxy-testx
root@syd-log01:/usr/src/iptables-1.3.6#
root@syd-log01:/usr/src/iptables-1.3.6#
/usr/src/iptables-1.3.6/extensions/.tproxy-testx
root@syd-log01:/usr/src/iptables-1.3.6#
root@syd-log01:/usr/src/iptables-1.3.6# locate xt_TPROXY.h
/usr/src/linux-2.6.22.3/include/linux/netfilter/xt_TPROXY.h
root@syd-log01:/usr/src/iptables-1.3.6#
root@syd-log01:/usr/src/iptables-1.3.6# export KERNEL_DIR="/usr/src/linux"
root@syd-log01:/usr/src/iptables-1.3.6#
/usr/src/iptables-1.3.6/extensions/.tproxy-testx
TPROXY
tproxy
root@syd-log01:/usr/src/iptables-1.3.6#

root@syd-log01:/usr/src/iptables-1.3.6# make clean
(( removed all the usual stuff ))

root@syd-log01:/usr/src/iptables-1.3.6# make KERNDIR=/usr/src/linux >
make.log
libiptc/libip4tc.c:130: warning: â€˜dump_entryâ€™ defined but not used
ar: creating libiptc/libiptc.a
libiptc/libip6tc.c:135: warning: â€˜dump_entryâ€™ defined but not used
ar: creating libipq/libipq.a
root@syd-log01:/usr/src/iptables-1.3.6# grep -i proxy make.log
root@syd-log01:/usr/src/iptables-1.3.6#
/usr/src/iptables-1.3.6/extensions/.tproxy-testx
TPROXY
tproxy
root@syd-log01:/usr/src/iptables-1.3.6#

Regards,
    Lachlan

Laszlo Attila Toth wrote:
...
Hello,
which version of TProxy do you use? libipt_tproxy.c exists only in old
versions  up to 4.0.0. But since 4.0.1 it is libxt_tproxy.c.
Directory name is tproxy-4.0.1-2.6.22 - it should work. I cannot figure
out how can the filename differs from that one if the iptables source
directory is /usr/src/iptables-1.3.8 and you used the patch named as
iptables-r7008-tproxy.diff plus the patch in my previous letter.
By the way what is the output of extensions/.tproxy-testx script?
There is a newer release of tproxy: 4.0.2 - a small fix with modified
iptables.
707ada21efaa107a5c0d7218c5284239  tproxy-4.0.2-2.6.22.tgz
Lachlan Bowes wrote:
...
Hello Laszlo,
I am still seeing this problem.
root@syd-log01:/etc# iptables -A INPUT -m tproxy -j ACCEPT
iptables v1.3.8: Couldn't load match
`tproxy':/usr/local/lib/iptables/libipt_tproxy.so: cannot open shared
object file: No such file or directory
Try `iptables -h' or 'iptables --help' for more information.
root@syd-log01:/etc#
root@syd-log01:/etc# ls -la /usr/local/lib/iptables/libipt_tproxy.so
ls: /usr/local/lib/iptables/libipt_tproxy.so: No such file or directory
root@syd-log01:/etc# locate libipt_tproxy.so
root@syd-log01:/etc# locate libipt_tproxy.c
/usr/src/iptables-1.3.8/extensions/libipt_tproxy.c
root@syd-log01:/etc#
So my problem is more that I cannot get libipt_tproxy.c to compile.
root@syd-log01:/usr/src/iptables-1.3.8# make > make.log
libiptc/libip4tc.c:130: warning: â€˜dump_entryâ€™ defined but not used
ar: creating libiptc/libiptc.a
libiptc/libip6tc.c:135: warning: â€˜dump_entryâ€™ defined but not used
ar: creating libipq/libipq.a
root@syd-log01:/usr/src/iptables-1.3.8# grep tproxy make.log
root@syd-log01:/usr/src/iptables-1.3.8#
Laszlo Attila Toth wrote:
...
Hello,
I forgot to set address family in libxt_tproxy.c (match), but
libxt_TPROXY.c (target) works well.
Patch is attached.
You should use the target as:
iptables -t tproxy -A PREROUTING -p tcp <other options> -j TPROXY <other
parameters>
or
iptables -t tproxy -A PREROUTING -p udp <other options> -j TPROXY <other
parameters>
and
iptables -A INPUT -m tproxy -j ACCEPT
TPROXY target should  be used only in the tproxy table's PREROUTING
chain and tproxy match should be used in filter table's INPUT chain.
Also you shouldn't write  ... -m tproxy ... -j TPROXY
Lachlan Bowes írta:
...
Have any of you seen this before?
I followed instructions in README, but to no avail.
Apologies if this is obvious but I am from a FreeBSD background, linux
is not my normal OS so environment is foreign to me.
Regards,
    Lachlan
root@syd-log01:/root/tproxy-4.0.1-2.6.22# uname -a
Linux syd-log01 2.6.22.3 #1 SMP Tue Aug 28 21:54:20 EST 2007 i686 GNU/Linux
root@syd-log01:/root/tproxy-4.0.1-2.6.22#
root@syd-log01:/root/tproxy-4.0.1-2.6.22# iptables -t tproxy -A
PREROUTING -j TPROXY --on-port 3128
iptables v1.3.8: Unknown arg `--on-port'
Try `iptables -h' or 'iptables --help' for more information.
root@syd-log01:/root/tproxy-4.0.1-2.6.22# iptables -t tproxy -A
PREROUTING -j TPROXY
iptables v1.3.8: Couldn't load target
`TPROXY':/usr/local/lib/iptables/libipt_TPROXY.so: cannot open shared
object file: No such file or directory
Try `iptables -h' or 'iptables --help' for more information.
root@syd-log01:/root/tproxy-4.0.1-2.6.22# lsmod  | grep iptable
iptable_filter          3104  0
iptable_tproxy          6468  0
ip_tables              12420  2 iptable_filter,iptable_tproxy
root@syd-log01:/root/tproxy-4.0.1-2.6.22#
--
Panther