Under debian etch I'm trying to patch iptables using the debian tool apt-build. I'm using the "--patch" option of apt-build to get the tproxy patch included, and it looks like the source tree is being patched. The problem at this point seems to be that the resulting .deb package doesn't know that the new libipt_TPROXY.so library is supposed to be part of the package after the patch. I haven't yet tried to just get the iptables source from netfilter.org and patch the standard tree, because I'd really prefer to stay in the debian world to do all this. Can anyone provide instructions or hints for easily building a .deb of iptables that includes the tproxy patch? I'm not necessarily committed to using apt-build, but that tool's "--patch" option did seem to be the easiest approach. I am open to other approaches.
Hi, I do not use apt-build, I have done it "manually":

  apt-get source iptables
  cd iptables-1.3.6.0debian1
  cd iptables
  patch -p1 < ../../cttproxy-2.6.18-2.0.6/iptables/iptables-1.3-cttproxy.diff
  cd ../linux
  patch -p1 < ../../cttproxy-2.6.18-2.0.6/patch_tree/02-tproxy.patch
  # ignore all errors, all needed files will be created ...
  cd ..
  dch -n "Added TPROXY stuff"
  dpkg-buildpackage -b -rfakeroot

Done...
> trying to patch iptables using the debian tool apt-build ... the resulting .deb package doesn't know that the new libipt_TPROXY.so library is supposed to be part of the package after the patch
> I have done it "manually":
> apt-get source iptables ...
Thanks, your build instructions appeared to work, but I'm still missing something. I get the following error when I try to use my new iptables:

  mmiller@xpc3:/usr/src$ sudo iptables -t tproxy -A PRblue\
  -p tcp --dport 80 -j TPROXY --on-port 50080
  iptables v1.3.6: Unknown arg `--on-port'
The .deb that I build does not seem to know about /lib/iptables/libipt_tproxy.so or /lib/iptables/libipt_TPROXY.so. Neither of these files is listed when I use "dpkg --contents" to list the package's files. extensions/libipt_tproxy.c and extensions/libipt_TPROXY.c are in the iptables build tree after the .deb is built, but the .deb doesn't seem to include the corresponding libraries. In fact, these libraries are not installed when I use "dpkg -i" to install the package.
> apt-get source iptables ...
> Thanks, your build instructions appeared to work, but ... The .deb that I build does not seem to know about /lib/iptables/libipt_tproxy.so or /lib/iptables/libipt_TPROXY.so.
I hacked extensions/Makefile, adding "tproxy" and "TPROXY" to the definition of PF_EXT_SLIB. I then reran "dpkg-buildpackage" and all is now well. So, I don't know if it's just expected that I'm supposed to manually fix this Makefile, or if I missed some other step in the patching process. Let me know if I've done something I shouldn't have done, but things appear to be working now.
> I hacked extensions/Makefile, adding "tproxy" and "TPROXY" to the definition of PF_EXT_SLIB. I then reran "dpkg-buildpackage" and all is now well. So, I don't know if it's just expected that I'm supposed to manually fix this Makefile, or if I missed some other step in the patching process. Let me know if I've done something I shouldn't have done, but things appear to be working now.
I do not exactly remember this problem (I compiled this package a few months ago), but I think that it is caused because the tproxy-iptables patch creates files that should be executable. After the iptables patch you should probably run:

  chmod +x extensions/.*-test

Regards
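The "dpkg --contents" check described in the thread can be scripted so a rebuilt package is verified before it is installed. The following is an added example, not part of any message in the thread: the function name and the sample listings are constructed, and it assumes the tar-style listing that "dpkg --contents" prints, with the path in the sixth column.

```shell
#!/bin/sh
# Added example. Real use (the .deb name is a placeholder):
#   dpkg --contents iptables_VERSION_ARCH.deb | \
#     missing_from_listing /lib/iptables/libipt_tproxy.so /lib/iptables/libipt_TPROXY.so

# Read a `dpkg --contents` listing on stdin and print every required path
# (given as arguments) that the package does not ship.
# Returns 0 when nothing is missing, 1 otherwise. Matching is exact and
# case-sensitive, so libipt_tproxy.so and libipt_TPROXY.so are distinct.
missing_from_listing() {
    # Column 6 is the path; normalise "./lib/..." to "/lib/...".
    listing=$(awk '{ p = $6; sub(/^\.?\/?/, "/", p); print p }')
    rc=0
    for want in "$@"; do
        if ! printf '%s\n' "$listing" | grep -Fxq -- "$want"; then
            printf '%s\n' "$want"
            rc=1
        fi
    done
    return $rc
}

# Constructed listing: package built before PF_EXT_SLIB was extended.
sample_before() { cat <<'EOF'
drwxr-xr-x root/root         0 2007-01-01 12:00 ./
drwxr-xr-x root/root         0 2007-01-01 12:00 ./lib/iptables/
-rw-r--r-- root/root      5000 2007-01-01 12:00 ./lib/iptables/libipt_REJECT.so
-rw-r--r-- root/root      5000 2007-01-01 12:00 ./lib/iptables/libipt_tcp.so
EOF
}

# Constructed listing: package built after the Makefile change.
sample_after() {
    sample_before
    cat <<'EOF'
-rw-r--r-- root/root      5000 2007-01-01 12:00 ./lib/iptables/libipt_TPROXY.so
-rw-r--r-- root/root      5000 2007-01-01 12:00 ./lib/iptables/libipt_tproxy.so
EOF
}

for sample in sample_before sample_after; do
    if missing=$($sample | missing_from_listing \
            /lib/iptables/libipt_tproxy.so /lib/iptables/libipt_TPROXY.so); then
        echo "$sample: all TPROXY extensions present"
    else
        echo "$sample: missing:" $missing
    fi
done
```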
participants (2)
- Matt Miller
- Michal Pokrywka