netfilter string match

Does anyone know how to get the string match going?
I downloaded netfilter 1.3.4 and compiled it but it ignores the
libipt_string module and doesnt compile it (I'm customizing a 2.6.13
kernel), libipt_string.c is there in the extensions directory.
I hunted through the stuff there and i cant see how to enable it. also,
scanning&reading for an hour at netfilter.org was fruitless. Therte must be
some file somewhere in the package that says essentially
"compile these extensions : x,y,z etc" but I cant find it
Anyone have experience with this?
Thanks
Eric

On Sun, 06 Nov 2005 14:49:29 -0800, Eric <(E-Mail Removed)> wrote:

>Does anyone know how to get the string match going?
>I downloaded netfilter 1.3.4 and compiled it but it ignores the
>libipt_string module and doesnt compile it (I'm customizing a 2.6.13
>kernel), libipt_string.c is there in the extensions directory.
>I hunted through the stuff there and i cant see how to enable it. also,
>scanning&reading for an hour at netfilter.org was fruitless. Therte must be
>some file somewhere in the package that says essentially
>"compile these extensions : x,y,z etc" but I cant find it
>Anyone have experience with this?
>Thanks
>Eric

You need to add the patch-o-matic NG stuff and then build iptables
yourself. Alternatively, there may be a binary for your distribution.
I found string match in the POM of 20040621 in the string
subdirectory.

CAVEAT: When you configure, all the examples use apostrophes or
quotes. Do not include them or your string match will fail.

CAVEAT: Construct the string match very carefully or you will affect
something unintended.
--
buck

buck wrote:

> On Sun, 06 Nov 2005 14:49:29 -0800, Eric <(E-Mail Removed)> wrote:
>
>>Does anyone know how to get the string match going?
>>I downloaded netfilter 1.3.4 and compiled it but it ignores the
>>libipt_string module and doesnt compile it (I'm customizing a 2.6.13
>>kernel), libipt_string.c is there in the extensions directory.
>>I hunted through the stuff there and i cant see how to enable it. also,
>>scanning&reading for an hour at netfilter.org was fruitless. Therte must
>>be some file somewhere in the package that says essentially
>>"compile these extensions : x,y,z etc" but I cant find it
>>Anyone have experience with this?
>>Thanks
>>Eric
>
> You need to add the patch-o-matic NG stuff and then build iptables
> yourself. Alternatively, there may be a binary for your distribution.
> I found string match in the POM of 20040621 in the string
> subdirectory.
>
> CAVEAT: When you configure, all the examples use apostrophes or
> quotes. Do not include them or your string match will fail.
>
> CAVEAT: Construct the string match very carefully or you will affect
> something unintended.
> --
> buck

what do you mean patch? the latest download wouldnt be patched its the
latest. I'm not upgrading my present install, that was uninstalled and i'm
building from scratch. I downloaded iptables-1.3.4.tar.bz2 I dont see what
you would patch that with, there is nothing newer.
Eric

On Wed, 09 Nov 2005 08:08:29 -0800, Eric <(E-Mail Removed)> wrote:

>buck wrote:
>
>> On Sun, 06 Nov 2005 14:49:29 -0800, Eric <(E-Mail Removed)> wrote:
>>
>>>Does anyone know how to get the string match going?
>>>I downloaded netfilter 1.3.4 and compiled it but it ignores the
>>>libipt_string module and doesnt compile it (I'm customizing a 2.6.13
>>>kernel), libipt_string.c is there in the extensions directory.
>>>I hunted through the stuff there and i cant see how to enable it. also,
>>>scanning&reading for an hour at netfilter.org was fruitless. Therte must
>>>be some file somewhere in the package that says essentially
>>>"compile these extensions : x,y,z etc" but I cant find it
>>>Anyone have experience with this?
>>>Thanks
>>>Eric
>>
>> You need to add the patch-o-matic NG stuff and then build iptables
>> yourself. Alternatively, there may be a binary for your distribution.
>> I found string match in the POM of 20040621 in the string
>> subdirectory.
>>
>> CAVEAT: When you configure, all the examples use apostrophes or
>> quotes. Do not include them or your string match will fail.
>>
>> CAVEAT: Construct the string match very carefully or you will affect
>> something unintended.
>> --
>> buck
>
>what do you mean patch? the latest download wouldnt be patched its the
>latest. I'm not upgrading my present install, that was uninstalled and i'm
>building from scratch. I downloaded iptables-1.3.4.tar.bz2 I dont see what
>you would patch that with, there is nothing newer.
>Eric

I mean just what I said. The string match is not in the standard
iptables. If you want it, you must add it using POM or obtain a
binary for your distro that includes it. Stop screaming and read the
netfilter web site.
--
buck

buck wrote:

> On Wed, 09 Nov 2005 08:08:29 -0800, Eric <(E-Mail Removed)> wrote:
>
>>buck wrote:
>>
>>> On Sun, 06 Nov 2005 14:49:29 -0800, Eric <(E-Mail Removed)> wrote:
>>>
>>>>Does anyone know how to get the string match going?
>>>>I downloaded netfilter 1.3.4 and compiled it but it ignores the
>>>>libipt_string module and doesnt compile it (I'm customizing a 2.6.13
>>>>kernel), libipt_string.c is there in the extensions directory.
>>>>I hunted through the stuff there and i cant see how to enable it. also,
>>>>scanning&reading for an hour at netfilter.org was fruitless. Therte must
>>>>be some file somewhere in the package that says essentially
>>>>"compile these extensions : x,y,z etc" but I cant find it
>>>>Anyone have experience with this?
>>>>Thanks
>>>>Eric
>>>
>>> You need to add the patch-o-matic NG stuff and then build iptables
>>> yourself. Alternatively, there may be a binary for your distribution.
>>> I found string match in the POM of 20040621 in the string
>>> subdirectory.
>>>
>>> CAVEAT: When you configure, all the examples use apostrophes or
>>> quotes. Do not include them or your string match will fail.
>>>
>>> CAVEAT: Construct the string match very carefully or you will affect
>>> something unintended.
>>> --
>>> buck
>>
>>what do you mean patch? the latest download wouldnt be patched its the
>>latest. I'm not upgrading my present install, that was uninstalled and i'm
>>building from scratch. I downloaded iptables-1.3.4.tar.bz2 I dont see what
>>you would patch that with, there is nothing newer.
>>Eric
>
> I mean just what I said. The string match is not in the standard
> iptables. If you want it, you must add it using POM or obtain a
> binary for your distro that includes it. Stop screaming and read the
> netfilter web site.
> --
> buck

Well, there's patches there, but its a "patch against 1.3.3"
at this address:
http://www.netfilter.org/projects/ip...downloads.html

Where are the patches you mentioned? i just cant find them out there.
I found a reference to them but no way to get them.
ie: http://www.netfilter.org/projects/pa...pom-extra.html
Eric

Eric wrote:
> Where are the patches you mentioned? i just cant find them out there.
> I found a reference to them but no way to get them.
> ie: http://www.netfilter.org/projects/pa...pom-extra.html
> Eric
>

maybe searching for download at the site (left frame) will help.
And have a closer look at the documentation!

cheers,
another Eric

Eric wrote:

> Eric wrote:
>> Where are the patches you mentioned? i just cant find them out there.
>> I found a reference to them but no way to get them.
>> ie: http://www.netfilter.org/projects/pa...pom-extra.html
>> Eric
>>
>
> maybe searching for download at the site (left frame) will help.
> And have a closer look at the documentation!
>
> cheers,
> another Eric
I assumed (wrongly i guess) that the 3 repositories (SVN Repository,
ftp Server & rsync Server) were the same but just different ways of getting
the files. I only looked in the SVN link and then went to browse CVS link
and the patches aren't there, but there are some in the ftp repository (I
hope its the right stuff patch-o-matic-20031219.tar.bz2 seems to be the
latest
Anyway, thanks
Eric

On Fri, 11 Nov 2005 00:02:16 -0800, Eric <(E-Mail Removed)> wrote:

>Eric wrote:
>
>> Eric wrote:
>>> Where are the patches you mentioned? i just cant find them out there.
>>> I found a reference to them but no way to get them.
>>> ie: http://www.netfilter.org/projects/pa...pom-extra.html
>>> Eric
>>>
>>
>> maybe searching for download at the site (left frame) will help.
>> And have a closer look at the documentation!
>>
>> cheers,
>> another Eric
>I assumed (wrongly i guess) that the 3 repositories (SVN Repository,
>ftp Server & rsync Server) were the same but just different ways of getting
>the files. I only looked in the SVN link and then went to browse CVS link
>and the patches aren't there, but there are some in the ftp repository (I
>hope its the right stuff patch-o-matic-20031219.tar.bz2 seems to be the
>latest
>Anyway, thanks
>Eric

This is what you're looking for:

http://netfilter.org/projects/patch-o-matic/index.html

--
buck