[tproxy] libipt_TPROXY.so not compiled

Lachlan Bowes lbowes at wix.com.au
Tue Sep 4 02:24:17 CEST 2007


Also,

Just in addition, I went into
/usr/src/iptables-1.3.6/extensions/Makefile and added tproxy to PF_EXT_SLIB

PF_EXT_SLIB:=tproxy ah addrtype comment connlimit connmark conntrack
dscp ecn esp hashlimit helper icmp iprange length limit mac mar
k multiport owner physdev pkttype policy realm rpc sctp standard state
tcp tcpmss tos ttl udp unclean CLASSIFY CONNMARK DNAT DSCP EC
N LOG MARK MASQUERADE MIRROR NETMAP NFQUEUE NOTRACK REDIRECT REJECT SAME
SNAT TARPIT TCPMSS TOS TRACE TTL ULOG



And the resulting make errors like below.

root at syd-log01:/usr/src/iptables-1.3.6# make
Extensions found: IPv4:CLUSTERIP IPv4:connbytes IPv4:dccp IPv4:quota
IPv4:recent IPv4:statistic IPv4:string IPv6:ah IPv6:esp IPv6:frag
IPv6:ipv6header IPv6:REJECT IPv6:rt
make: *** No rule to make target `extensions/libipt_tproxy_sh.o', needed
by `extensions/libipt_tproxy.so'. Stop.
root at syd-log01:/usr/src/iptables-1.3.6



Still looking for libipt_tproxy instead of libxt_tproxy.

I also couldn't find iptables-r7008-tproxy.diff patch in the tproxy
package but i did use the iptables patch in the patches directory shown
below.

/root/tproxy-4.0.2-2.6.22/patches/iptables-svn.diff | patch -p1





Lachlan Bowes wrote:
> Hello Laszlo,
>
> I downloaded the latest tproxy version and tried from scratch and
> attempted the below.
>
> root at syd-log01:/root# tar -zxf tproxy-4.0.2-2.6.22.tgz
> root at syd-log01:/root# cd /usr/src/iptables-1.3.6/
> root at syd-log01:/usr/src/iptables-1.3.6# cat
> /root/tproxy-4.0.2-2.6.22/patches/
> iptables-svn.diff  tproxy.diff       
> root at syd-log01:/usr/src/iptables-1.3.6# cat
> /root/tproxy-4.0.2-2.6.22/patches/iptables-svn.diff | patch -p1
> patching file extensions/libip6t_tproxy.man
> patching file extensions/libipt_tproxy.man
> patching file extensions/libipt_TPROXY.man
> patching file extensions/libxt_tproxy.c
> patching file extensions/libxt_TPROXY.c
> patching file extensions/libxt_tproxy.c.old
> patching file extensions/Makefile
> Hunk #1 succeeded at 25 (offset -4 lines).
> Hunk #2 succeeded at 127 (offset -19 lines).
> Hunk #3 succeeded at 141 (offset -19 lines).
> Hunk #4 succeeded at 155 (offset -19 lines).
> Hunk #5 succeeded at 169 (offset -19 lines).
> patching file extensions/.tproxy-testx
> root at syd-log01:/usr/src/iptables-1.3.6#
> root at syd-log01:/usr/src/iptables-1.3.6# chmod +x extensions/.tproxy-testx
> root at syd-log01:/usr/src/iptables-1.3.6# make KERNDIR=/usr/src/linux >
> make.log
> libiptc/libip4tc.c:130: warning: ‘dump_entry’ defined but not used
> ar: creating libiptc/libiptc.a
> libiptc/libip6tc.c:135: warning: ‘dump_entry’ defined but not used
> ar: creating libipq/libipq.a
> root at syd-log01:/usr/src/iptables-1.3.6# grep -i proxy make.log
> root at syd-log01:/usr/src/iptables-1.3.6#
> root at syd-log01:/usr/src/iptables-1.3.6# ls -la extensions/ | grep -i proxy
> -rw-r--r-- 1 root root     51 2007-09-04 16:40 libip6t_tproxy.man
> -rw-r--r-- 1 root root     51 2007-09-04 16:40 libipt_tproxy.man
> -rw-r--r-- 1 root root    790 2007-09-04 16:40 libipt_TPROXY.man
> -rw-r--r-- 1 root root   1914 2007-09-04 16:40 libxt_tproxy.c
> -rw-r--r-- 1 root root   3065 2007-09-04 16:40 libxt_TPROXY.c
> -rw-r--r-- 1 root root   1495 2007-09-04 16:40 libxt_tproxy.c.old
> -rwxr-xr-x 1 root root    100 2007-09-04 16:40 .tproxy-testx
> root at syd-log01:/usr/src/iptables-1.3.6#
> root at syd-log01:/usr/src/iptables-1.3.6#
> /usr/src/iptables-1.3.6/extensions/.tproxy-testx
> root at syd-log01:/usr/src/iptables-1.3.6#
> root at syd-log01:/usr/src/iptables-1.3.6# locate xt_TPROXY.h
> /usr/src/linux-2.6.22.3/include/linux/netfilter/xt_TPROXY.h
> root at syd-log01:/usr/src/iptables-1.3.6#
> root at syd-log01:/usr/src/iptables-1.3.6# export KERNEL_DIR="/usr/src/linux"
> root at syd-log01:/usr/src/iptables-1.3.6#
> /usr/src/iptables-1.3.6/extensions/.tproxy-testx
> TPROXY
> tproxy
> root at syd-log01:/usr/src/iptables-1.3.6#
>
> root at syd-log01:/usr/src/iptables-1.3.6# make clean
> (( removed all the usual stuff ))
>
> root at syd-log01:/usr/src/iptables-1.3.6# make KERNDIR=/usr/src/linux >
> make.log
> libiptc/libip4tc.c:130: warning: ‘dump_entry’ defined but not used
> ar: creating libiptc/libiptc.a
> libiptc/libip6tc.c:135: warning: ‘dump_entry’ defined but not used
> ar: creating libipq/libipq.a
> root at syd-log01:/usr/src/iptables-1.3.6# grep -i proxy make.log
> root at syd-log01:/usr/src/iptables-1.3.6#
> /usr/src/iptables-1.3.6/extensions/.tproxy-testx
> TPROXY
> tproxy
> root at syd-log01:/usr/src/iptables-1.3.6#
>
>
>
>
> Regards,
>     Lachlan
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> Laszlo Attila Toth wrote:
>   
>> Hello,
>>
>> which version of TProxy do you use? libipt_tproxy.c exists only in old
>> versions  up to 4.0.0. But since 4.0.1 it is libxt_tproxy.c.
>> Directory name is tproxy-4.0.1-2.6.22 - it should work. I cannot figure
>> out how can the filename differs from that one if the iptables source
>> directory is /usr/src/iptables-1.3.8 and you used the patch named as
>> iptables-r7008-tproxy.diff plus the patch in my previous letter.
>>
>> By the way what is the output of extensions/.tproxy-testx script?
>>
>> There is a newer release of tproxy: 4.0.2 - a small fix with modified
>> iptables.
>>
>> 707ada21efaa107a5c0d7218c5284239  tproxy-4.0.2-2.6.22.tgz
>>
>>
>> Lachlan Bowes wrote:
>>   
>>     
>>> Hello Laszlo,
>>>
>>> I am still seeing this problem.
>>>
>>> root at syd-log01:/etc# iptables -A INPUT -m tproxy -j ACCEPT
>>> iptables v1.3.8: Couldn't load match
>>> `tproxy':/usr/local/lib/iptables/libipt_tproxy.so: cannot open shared
>>> object file: No such file or directory
>>>
>>> Try `iptables -h' or 'iptables --help' for more information.
>>> root at syd-log01:/etc#
>>> root at syd-log01:/etc# ls -la /usr/local/lib/iptables/libipt_tproxy.so
>>> ls: /usr/local/lib/iptables/libipt_tproxy.so: No such file or directory
>>> root at syd-log01:/etc# locate libipt_tproxy.so
>>> root at syd-log01:/etc# locate libipt_tproxy.c
>>> /usr/src/iptables-1.3.8/extensions/libipt_tproxy.c
>>> root at syd-log01:/etc#
>>>
>>> So my problem is more that I cannot get libipt_tproxy.c to compile.
>>>
>>> root at syd-log01:/usr/src/iptables-1.3.8# make > make.log
>>> libiptc/libip4tc.c:130: warning: ‘dump_entry’ defined but not used
>>> ar: creating libiptc/libiptc.a
>>> libiptc/libip6tc.c:135: warning: ‘dump_entry’ defined but not used
>>> ar: creating libipq/libipq.a
>>> root at syd-log01:/usr/src/iptables-1.3.8# grep tproxy make.log
>>> root at syd-log01:/usr/src/iptables-1.3.8#
>>>
>>>
>>>
>>> Laszlo Attila Toth wrote:
>>>     
>>>       
>>>> Hello,
>>>>
>>>> I forgot to set address family in libxt_tproxy.c (match), but
>>>> libxt_TPROXY.c (target) works well.
>>>> Patch is attached.
>>>>
>>>> You should use the target as:
>>>>
>>>> iptables -t tproxy -A PREROUTING -p tcp <other options> -j TPROXY <other
>>>> parameters>
>>>> or
>>>> iptables -t tproxy -A PREROUTING -p udp <other options> -j TPROXY <other
>>>> parameters>
>>>>
>>>> and
>>>> iptables -A INPUT -m tproxy -j ACCEPT
>>>>
>>>> TPROXY target should  be used only in the tproxy table's PREROUTING
>>>> chain and tproxy match should be used in filter table's INPUT chain.
>>>> Also you shouldn't write  ... -m tproxy ... -j TPROXY
>>>>
>>>>
>>>>
>>>> Lachlan Bowes írta:
>>>>   
>>>>       
>>>>         
>>>>> Have any of you seen this before?
>>>>>
>>>>> I followed instructions in README, but to no avail.
>>>>>
>>>>> Apologies if this is obvious but I am from a FreeBSD background, linux
>>>>> is not my normal OS so environment is foreign to me.
>>>>>
>>>>> Regards,
>>>>>     Lachlan
>>>>>
>>>>> root at syd-log01:/root/tproxy-4.0.1-2.6.22# uname -a
>>>>> Linux syd-log01 2.6.22.3 #1 SMP Tue Aug 28 21:54:20 EST 2007 i686 GNU/Linux
>>>>> root at syd-log01:/root/tproxy-4.0.1-2.6.22#
>>>>>
>>>>>
>>>>> root at syd-log01:/root/tproxy-4.0.1-2.6.22# iptables -t tproxy -A
>>>>> PREROUTING -j TPROXY --on-port 3128
>>>>> iptables v1.3.8: Unknown arg `--on-port'
>>>>> Try `iptables -h' or 'iptables --help' for more information.
>>>>> root at syd-log01:/root/tproxy-4.0.1-2.6.22# iptables -t tproxy -A
>>>>> PREROUTING -j TPROXY
>>>>> iptables v1.3.8: Couldn't load target
>>>>> `TPROXY':/usr/local/lib/iptables/libipt_TPROXY.so: cannot open shared
>>>>> object file: No such file or directory
>>>>>
>>>>> Try `iptables -h' or 'iptables --help' for more information.
>>>>> root at syd-log01:/root/tproxy-4.0.1-2.6.22# lsmod  | grep iptable
>>>>> iptable_filter          3104  0
>>>>> iptable_tproxy          6468  0
>>>>> ip_tables              12420  2 iptable_filter,iptable_tproxy
>>>>> root at syd-log01:/root/tproxy-4.0.1-2.6.22#
>>>>>   
>>>>>         
>>>>>           
>> --
>> Panther
>>
>>
>>
>>   
>>     
>
>   
> ------------------------------------------------------------------------
>
> _______________________________________________
> tproxy mailing list
> tproxy at lists.balabit.hu
> https://lists.balabit.hu/mailman/listinfo/tproxy
>   

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 187 bytes
Desc: OpenPGP digital signature
Url : http://lists.balabit.hu/pipermail/tproxy/attachments/20070904/92660c5b/attachment.pgp 


More information about the tproxy mailing list