Re: [vserver] CONFIG_NETFILTER_XT_TARGET_LOG in LiHas 3.4 kernels:
 vserver development mailing list 
[Next/Previous Months] [Main vserver Project Homepage] [Howto Subscribe/Unsubscribe] [Paul Sladen's vserver stuff]

Re: [vserver] CONFIG_NETFILTER_XT_TARGET_LOG in LiHas 3.4 kernels

From: Adrian Reyer <are_at_lihas.de>
Date: Fri 27 Sep 2013 - 15:37:34 BST
Message-ID: <20130927143734.GA18555@r2d2.s.lihas.de>

On Fri, Sep 27, 2013 at 02:06:05PM +0200, Etienne Vogt wrote:
> However, some on these systems use iptables on the host and
> we found that your current 3.4 kernels have no support for the
> LOG target. Indeed, the LOG target is now in a separate module
> and no longer in the netfilter core.
> In the configuration file /boot/config-3.4.62-vs2.3.3.9+lihas1,
> the option is not set :
> # CONFIG_NETFILTER_XT_TARGET_LOG is not set
> Could you please add this option in your next kernel built ?

We will try and do. The automatic build process seems to hate
CONFIG_NETFILTER_XT_TARGET_LOG in 3.4.
However, 3.10 series has CONFIG_NETFILTER_XT_TARGET_LOG set.
As I run into this not only on my vserver-kernels but on others as well,
I tend and place something like this into my iptables scripts:

---8<------8<------8<------8<------8<------8<------8<---
HAVE_COMMENT=0
HAVE_LOG=0
HAVE_ULOG=0
# check availability of modules:
iptables -N lihas-moduletest
iptables -A lihas-moduletest $CONNSTATE 2>/dev/null
if iptables-save | egrep -q 'lihas-moduletest.*-m state'; then
  CONNSTATE="-m state --state"
else
  CONNSTATE="-m conntrack --ctstate"
fi
iptables -A lihas-moduletest -m comment --comment "test"
if [ $? -eq 0 ]; then
  HAVE_COMMENT=1
fi
iptables -A lihas-moduletest -j LOG --log-prefix 'test'
if [ $? -eq 0 ]; then
  HAVE_LOG=1
fi
iptables -A lihas-moduletest -j ULOG --ulog-prefix 'test'
if [ $? -eq 0 ]; then
  HAVE_ULOG=1
fi
iptables -F lihas-moduletest
iptables -X lihas-moduletest

# determine LOG target
if [ $TARGETLOG == "LOG" ] && [ $HAVE_LOG -eq 1 ]; then
  TARGETLOG=LOG
elif [ $TARGETLOG == "ULOG" ] && [ $HAVE_ULOG -eq 1 ]; then
  TARGETLOG=ULOG
elif [ $HAVE_LOG -eq 1 ]; then
  TARGETLOG=LOG
elif [ $HAVE_ULOG -eq 1 ]; then
  TARGETLOG=ULOG
fi
export TARGETLOG HAVE_COMMENT HAVE_LOG HAVE_ULOG
---8<------8<------8<------8<------8<------8<------8<---

Regards,
        Adrian 

-- 
LiHAS - Adrian Reyer - Hessenwiesenstraße 10 - D-70565 Stuttgart
Fon: +49 (7 11) 78 28 50 90 - Fax:  +49 (7 11) 78 28 50 91
Mail: lihas_at_lihas.de - Web: http://lihas.de
Linux, Netzwerke, Consulting & Support - USt-ID: DE 227 816 626 Stuttgart
Received on Fri Sep 27 15:37:47 2013
[Next/Previous Months] [Main vserver Project Homepage] [Howto Subscribe/Unsubscribe] [Paul Sladen's vserver stuff]
Generated on Fri 27 Sep 2013 - 15:37:47 BST by hypermail 2.1.8