Re: iptables + geoip

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Robert,

I still get no segfault,

If you could reproduce it and send me the debugging output would be nice.

cheers,

Nicolas

On Feb 11, 2008 5:18 AM, Robert Bruce <rob@xxxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
> apologies, it was GB I used. I'm not at my PC where I tried it, so that
> syntax is from what I can remember.
>
> I compiled the csv from maxmind.com using the csv2bin utility.
>
> I patched my kernel and iptables, enabled the option in my kernel and
> re-compiled for both. When I got the error I re-compiled with debug
> support and ran the command under gdb, which is how I could tell that the
> match parameter being passed into the parse function was a pointer 0x0.
>
> I don't believe it's a problem with the kernel as it works for iptables
> 1.3.6, but not 1.4.0.
>
> here's some system specs, the kernel -dedicated is the suffix I've given
> to the custom kernel with the ipt_geoip module
>
> > uname -a
> Linux debian 2.6.18.5-dedicated #1 SMP Thu Feb 7 21:56:01 GMT 2008 x86_64
> GNU/Linux
> > gcc -v
> Using built-in specs.
> Target: x86_64-linux-gnu
> Configured with: ../src/configure -v
> --enable-languages=c,c++,fortran,objc,obj-c++,treelang --prefix=/usr
> --enable-shared --with-system-zlib --libexecdir=/usr/lib
> --without-included-gettext --enable-threads=posix --enable-nls
> --program-suffix=-4.1 --enable-__cxa_atexit --enable-clocale=gnu
> --enable-libstdcxx-debug --enable-mpfr --enable-checking=release
> x86_64-linux-gnu
> Thread model: posix
> gcc version 4.1.2 20061115 (prerelease) (Debian 4.1.1-21)
>
> Is there anything else I could do to help?
>
>
> On Mon, February 11, 2008 9:34 am, NICOLAS BOULIANE wrote:
> > Robert,
> >
> > 1- UK isn't an ISO3166 valid code.
> >
> >      UNITED KINGDOM -> GB
> >      UKRAINE -> UA
> > see:
> > http://www.iso.org/iso/country_codes/iso_3166_code_lists/english_country_names_and_code_elements.htm#u..
> >
> > 2- Personally I get no segfault.
> >
> > wyn:/home/acidfu# iptables -A INPUT -p tcp --dport 22 -m geoip !
> > --src-cc UK -j DROP
> > iptables v1.4.0: geoip match: sorry, 'UK' isn't in the database
> >
> > 3- what files you have into /var/geoip ?
> >
> > 4- You just tried to patch your kernel and iptables or what ? or its
> > an old patched kernel and you tried to update iptables ?
> >
> > cheers,
> >
> > Nicolas Bouliane
> >
> >
> > On Feb 11, 2008 4:00 AM, Robert Bruce <rob@xxxxxxxxxxxxxxxxxxxxxxxxxx>
> > wrote:
> >> I wanted to block everything but the UK from ssh access, so
> >>
> >> iptables -A INPUT -p tcp --dport 22 -m geoip ! --src-cc UK -j DROP
> >>
> >> I have the 2.6.18-5 kernel
> >>
> >>
> >> On Mon, February 11, 2008 8:54 am, NICOLAS BOULIANE wrote:
> >> > Hello Robert,
> >> >
> >> > Can you tell me the exact rule syntax you used ?
> >> >
> >> > p.s. I'm actually updating geoip so it use the xtables framework,
> >> >
> >> > cheers,
> >> >
> >> > Nicolas Bouliane
> >> >
> >> > On Feb 11, 2008 3:30 AM, Robert Bruce <rob@xxxxxxxxxxxxxxxxxxxxxxxxxx>
> >> > wrote:
> >> >> Hello
> >> >>
> >> >> I tried to send this to the developers of geoip, but the email got
> >> >> returned to me. I can't put this on bugzilla as it is down at the
> >> >> moment...
> >> >>
> >> >> Original Email:
> >> >>
> >> >> Hi Guys
> >> >>
> >> >> I've just tried to install geoip with iptables 1.4.0, everything is
> >> fine
> >> >> until I try to add a rule which uses the geoip module and I get a
> >> >> Segmentation fault. So I did some digging, compiled with -g for gdb
> >> and
> >> >> found that the problem is on line 229 as match is passed in with an
> >> >> address to 0x0.
> >> >>
> >> >> I dunno how to fix that though..
> >> >>
> >> >>
> >> >> -
> >> >> To unsubscribe from this list: send the line "unsubscribe
> >> >> netfilter-devel" in
> >> >> the body of a message to majordomo@xxxxxxxxxxxxxxx
> >> >> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> >> >>
> >> >
> >>
> >>
> >>
> >
>
>
>
-
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[Index of Archives]     [Netfitler Users]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux