bugsysunday / opendpi Goto Github PK

Hi,

The attached patch provides adds FreeBSD support to OpenDPI (and it should
also work with other BSDs as well).

Let me know if you're also interested in a patch that adds basic CMake
support, compiling it as a shared library instead too.

Regards,

I'm trying to compile wrapper ver.1.1 and ver.1.2.
I get the exact same error:

make[2]: warning: jobserver unavailable: using -j1.  Add `+' to parent make 
rule.
  LD      /var/tmp/portage/net-firewall/opendpi-netfilter-wrapper-1.2-r130/work/opendpi-netfilter-wrapper-1.2/wrapper/src/built-in.o
  CC [M]  /var/tmp/portage/net-firewall/opendpi-netfilter-wrapper-1.2-r130/work/opendpi-netfilter-wrapper-1.2/wrapper/src/main.o
/var/tmp/portage/net-firewall/opendpi-netfilter-wrapper-1.2-r130/work/opendpi-ne
tfilter-wrapper-1.2/wrapper/src/main.c: In function ‘opendpi_mt’:
/var/tmp/portage/net-firewall/opendpi-netfilter-wrapper-1.2-r130/work/opendpi-ne
tfilter-wrapper-1.2/wrapper/src/main.c:478:2: warning: passing argument 1 of 
‘nf_ct_is_untracked’ from incompatible pointer type
include/net/netfilter/nf_conntrack.h:305:50: note: expected ‘const struct 
nf_conn *’ but argument is of type ‘const struct sk_buff *’
/var/tmp/portage/net-firewall/opendpi-netfilter-wrapper-1.2-r130/work/opendpi-ne
tfilter-wrapper-1.2/wrapper/src/main.c: In function ‘opendpi_cleanup’:
/var/tmp/portage/net-firewall/opendpi-netfilter-wrapper-1.2-r130/work/opendpi-ne
tfilter-wrapper-1.2/wrapper/src/main.c:609:9: warning: passing argument 1 of 
‘nf_conntrack_unregister_notifier’ from incompatible pointer type
include/net/netfilter/nf_conntrack_ecache.h:71:13: note: expected ‘struct net 
*’ but argument is of type ‘struct nf_ct_event_notifier *’
/var/tmp/portage/net-firewall/opendpi-netfilter-wrapper-1.2-r130/work/opendpi-ne
tfilter-wrapper-1.2/wrapper/src/main.c:609:9: error: too few arguments to 
function ‘nf_conntrack_unregister_notifier’
include/net/netfilter/nf_conntrack_ecache.h:71:13: note: declared here
/var/tmp/portage/net-firewall/opendpi-netfilter-wrapper-1.2-r130/work/opendpi-ne
tfilter-wrapper-1.2/wrapper/src/main.c: In function ‘opendpi_mt_init’:
/var/tmp/portage/net-firewall/opendpi-netfilter-wrapper-1.2-r130/work/opendpi-ne
tfilter-wrapper-1.2/wrapper/src/main.c:695:9: warning: passing argument 1 of 
‘nf_conntrack_register_notifier’ from incompatible pointer type
include/net/netfilter/nf_conntrack_ecache.h:70:12: note: expected ‘struct net 
*’ but argument is of type ‘struct nf_ct_event_notifier *’
/var/tmp/portage/net-firewall/opendpi-netfilter-wrapper-1.2-r130/work/opendpi-ne
tfilter-wrapper-1.2/wrapper/src/main.c:695:9: error: too few arguments to 
function ‘nf_conntrack_register_notifier’
include/net/netfilter/nf_conntrack_ecache.h:70:12: note: declared here

I have: Kernel 3.2.0 x64 Gentoo, iptables 1.4.12.1
I fixed some errors when using: opendpi-netfilter-wrapper-1.1_2.6.36.patch, 
opendpi-netfilter-wrapper-1.1_2.6.35_v3.patch

How fix this truble?

I'm trying to block all traffic for about 1 minute for users that use 
bittorrent. To accomplish that I used the following 2 rules:

Rule 1:
iptables -I FORWARD 1 -m recent --name badguy --rcheck --seconds 60 -j DROP

Rule 2:
iptables -I FORWARD 2  -m recent --name badguy --set -j DROP -m opendpi 
--bittorrent
I also tried:
iptables -I FORWARD 2  -m recent --name badguy --set -m opendpi --bittorrent -j 
DROP 
And:
iptables -I FORWARD 2 -j DROP -m recent --name badguy --set -m opendpi 
--bittorrent

This doesn't work! because -m recent marks all traffic at rule 2 and then the 
rule 1 blocks it for 60 seconds
Is this a bug? Is there another way of doing this?

What version of the product are you using? On what operating system?
Scientific Linux 6.1
kernel 2.6.32-220.2.1.el6.x86_64
OpenDPI V1.3
Netfilter wrapper for OpenDPI 1.2


Thanks
Fernando Reis

Hi, I tried to compile opendpi-netfilter-wrapper-1.2 into kernel 2.6.39 for 
archlinux , when make ,the following error occurred:

.../opendpi-netfilter-wrapper-1.2/wrapper # make
make -C ipt
make[1]: Entering directory 
`/usr/local/src/opendpi-netfilter-wrapper-1.2/wrapper/ipt'
if test -d opendpi_cpy; then \
        cp /usr/local/src/opendpi-1.3.0/src/* opendpi_cpy -R; \
else \
        mkdir opendpi_cpy; \
        cp /usr/local/src/opendpi-1.3.0/src/* opendpi_cpy -R; \
fi
make libxt_opendpi.so
make[2]: Entering directory 
`/usr/local/src/opendpi-netfilter-wrapper-1.2/wrapper/ipt'
make[2]: `libxt_opendpi.so' is up to date.
make[2]: Leaving directory 
`/usr/local/src/opendpi-netfilter-wrapper-1.2/wrapper/ipt'
rm -r opendpi_cpy
make[1]: Leaving directory 
`/usr/local/src/opendpi-netfilter-wrapper-1.2/wrapper/ipt'
make -C src
make[1]: Entering directory 
`/usr/local/src/opendpi-netfilter-wrapper-1.2/wrapper/src'
if test -d opendpi_cpy; then \
        cp /usr/local/src/opendpi-1.3.0/src/* opendpi_cpy -R; \
else \
        mkdir opendpi_cpy; \
        cp /usr/local/src/opendpi-1.3.0/src/* opendpi_cpy -R; \
fi
make -C /lib/modules/2.6.39-ARCH/build M=$PWD;
make[2]: Entering directory `/usr/src/linux-2.6.39-ARCH'
  LD      /usr/local/src/opendpi-netfilter-wrapper-1.2/wrapper/src/built-in.o
  CC [M]  /usr/local/src/opendpi-netfilter-wrapper-1.2/wrapper/src/main.o
/usr/local/src/opendpi-netfilter-wrapper-1.2/wrapper/src/main.c:457:52: 
warning: ‘struct xt_match_param’ declared inside parameter list [enabled by 
default]
/usr/local/src/opendpi-netfilter-wrapper-1.2/wrapper/src/main.c:457:52: 
warning: its scope is only this definition or declaration, which is probably 
not what you want [enabled by default]
/usr/local/src/opendpi-netfilter-wrapper-1.2/wrapper/src/main.c: In function 
‘opendpi_mt’:
/usr/local/src/opendpi-netfilter-wrapper-1.2/wrapper/src/main.c:466:44: error: 
dereferencing pointer to incomplete type
/usr/local/src/opendpi-netfilter-wrapper-1.2/wrapper/src/main.c:475:2: warning: 
passing argument 1 of ‘nf_ct_is_untracked’ from incompatible pointer type 
[enabled by default]
include/net/netfilter/nf_conntrack.h:306:19: note: expected ‘const struct 
nf_conn *’ but argument is of type ‘const struct sk_buff *’
/usr/local/src/opendpi-netfilter-wrapper-1.2/wrapper/src/main.c: At top level:
/usr/local/src/opendpi-netfilter-wrapper-1.2/wrapper/src/main.c:623:2: warning: 
initialization from incompatible pointer type [enabled by default]
/usr/local/src/opendpi-netfilter-wrapper-1.2/wrapper/src/main.c:623:2: warning: 
(near initialization for ‘opendpi_mt_reg.match’) [enabled by default]
/usr/local/src/opendpi-netfilter-wrapper-1.2/wrapper/src/main.c:624:2: warning: 
initialization from incompatible pointer type [enabled by default]
/usr/local/src/opendpi-netfilter-wrapper-1.2/wrapper/src/main.c:624:2: warning: 
(near initialization for ‘opendpi_mt_reg.checkentry’) [enabled by default]
make[3]: *** [/usr/local/src/opendpi-netfilter-wrapper-1.2/wrapper/src/main.o] 
Error 1
make[2]: *** [_module_/usr/local/src/opendpi-netfilter-wrapper-1.2/wrapper/src] 
Error 2
make[2]: Leaving directory `/usr/src/linux-2.6.39-ARCH'
make[1]: *** [all] Error 2
make[1]: Leaving directory 
`/usr/local/src/opendpi-netfilter-wrapper-1.2/wrapper/src'
make: *** [all] Error 2

anybody help me? Thanks in advance！

What steps will reproduce the problem?
1.
2.
3.

What is the expected output? What do you see instead?


What version of the product are you using? On what operating system?


Please provide any additional information below.

What steps will reproduce the problem?
iptables -F -t mangle
iptables -t mangle -A PREROUTING -p udp -j CONNMARK --restore-mark
iptables -t mangle -A PREROUTING -p tcp -j CONNMARK --restore-mark

iptables -t mangle -A PREROUTING -p udp -m mark ! --mark 0 -j ACCEPT
iptables -t mangle -A PREROUTING -p tcp -m mark ! --mark 0 -j ACCEPT

iptables -t mangle -A PREROUTING -p udp -m opendpi --sip -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -p udp -m opendpi --iax -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -p udp -m opendpi --mgcp -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -p udp -m opendpi --truphone -j MARK 
--set-mark 1
iptables -t mangle -A PREROUTING -p udp -m opendpi --rtp -j MARK --set-mark 1

iptables -t mangle -A PREROUTING -p tcp -m opendpi --sip -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -p tcp -m opendpi --iax -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -p tcp -m opendpi --mgcp -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -p tcp -m opendpi --truphone -j MARK 
--set-mark 1
iptables -t mangle -A PREROUTING -p tcp -m opendpi --rtp -j MARK --set-mark 1

iptables -t mangle -A PREROUTING -p udp -m mark --mark 1 -j CONNMARK --save-mark
iptables -t mangle -A PREROUTING -p tcp -m mark --mark 1 -j CONNMARK --save-mark

iptables -t mangle -A POSTROUTING -o ppp+ -m mark --mark 1 -j CLASSIFY 
--set-class 1:10

There is huge amount of kernel warrning "xt_opendpi: ignoring untracked sk_buff"

What version of the product are you using? On what operating system?
opendpi-1.2.0
opendpi-netfilter-wrapper-1.1 with opendpi-netfilter-wrapper-1.1_2.6.35_v2.patch
Linux 2.6.37 SMP i686 Intel(R) Xeon(TM) CPU 3.06GHz GenuineIntel
iptables v1.4.2

Steps to reproduce the problem:
1. ./configure goes through fine.
2. But when doing make, it fails on ipq_main.c

make[1]: Entering directory `/root/opendpi-1.2.0/src/lib'
/bin/sh ../../libtool --tag=CC   --mode=compile gcc -DPACKAGE_NAME=\"OpenDPI\" 
-DPACKAGE_TARNAME=\"opendpi\" -DPACKAGE_VERSION=\"1.2.0\" 
-DPACKAGE_STRING=\"OpenDPI\ 1.2.0\" -DPACKAGE_BUGREPORT=\"\" -DPACKAGE_URL=\"\" 
-DPACKAGE=\"opendpi\" -DVERSION=\"1.2.0\" -DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1 
-DHAVE_SYS_STAT_H=1 -DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_MEMORY_H=1 
-DHAVE_STRINGS_H=1 -DHAVE_INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1 
-DHAVE_DLFCN_H=1 -DLT_OBJDIR=\".libs/\" -DHAVE_NETINET_IN_H=1 -DHAVE_STDINT_H=1 
-DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_UNISTD_H=1 -I.  -I../../src/include/ 
  -g -O2 -MT ipq_main.lo -MD -MP -MF .deps/ipq_main.Tpo -c -o ipq_main.lo 
ipq_main.c
libtool: compile:  gcc -DPACKAGE_NAME=\"OpenDPI\" -DPACKAGE_TARNAME=\"opendpi\" 
-DPACKAGE_VERSION=\"1.2.0\" "-DPACKAGE_STRING=\"OpenDPI 1.2.0\"" 
-DPACKAGE_BUGREPORT=\"\" -DPACKAGE_URL=\"\" -DPACKAGE=\"opendpi\" 
-DVERSION=\"1.2.0\" -DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1 -DHAVE_SYS_STAT_H=1 
-DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_MEMORY_H=1 -DHAVE_STRINGS_H=1 
-DHAVE_INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1 -DHAVE_DLFCN_H=1 
-DLT_OBJDIR=\".libs/\" -DHAVE_NETINET_IN_H=1 -DHAVE_STDINT_H=1 
-DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_UNISTD_H=1 -I. -I../../src/include/ 
-g -O2 -MT ipq_main.lo -MD -MP -MF .deps/ipq_main.Tpo -c ipq_main.c  -fPIC 
-DPIC -o .libs/ipq_main.o
In file included from /usr/include/linux/tcp.h:21,
                 from ipq_main.h:37,
                 from ipq_main.c:24:
/usr/include/asm/byteorder.h:6:2: warning: #warning using private kernel 
header; include <endian.h> instead!
In file included from /usr/include/netinet/ip6.h:23,
                 from ipq_main.h:46,
                 from ipq_main.c:24:
/usr/include/netinet/in.h:354: error: syntax error before '(' token
/usr/include/netinet/in.h:354: error: syntax error before "__u32"
/usr/include/netinet/in.h:355: error: syntax error before '(' token
/usr/include/netinet/in.h:355: error: syntax error before "__u16"
/usr/include/netinet/in.h:357: error: syntax error before '(' token
/usr/include/netinet/in.h:357: error: syntax error before "__u32"
/usr/include/netinet/in.h:359: error: syntax error before '(' token
/usr/include/netinet/in.h:359: error: syntax error before "__u16"
make[1]: *** [ipq_main.lo] Error 1
make[1]: Leaving directory `/root/opendpi-1.2.0/src/lib'
make: *** [all-recursive] Error 1

Kernel Version is:
$ uname -rvm
2.6.9-55.ELsmp #1 SMP Fri Apr 20 17:03:35 EDT 2007 i686

Libpcap is:
$ rpm -qa | grep pcap
libpcap-0.8.3-10.RHEL4

GCC version is:
$ gcc -v
Reading specs from /usr/lib/gcc/i386-redhat-linux/3.4.6/specs
Configured with: ../configure --prefix=/usr --mandir=/usr/share/man 
--infodir=/usr/share/info --enable-shared --enable-threads=posix 
--disable-checking --with-system-zlib --enable-__cxa_atexit 
--disable-libunwind-exceptions --enable-java-awt=gtk --host=i386-redhat-linux
Thread model: posix
gcc version 3.4.6 20060404 (Red Hat 3.4.6-8)

Make version is:
$ make -v
GNU Make 3.80

change first protocol letter multiple comparisons to strpbrk; this makes code 
more readable and could increase some performance
change order of checks in whole command comparisons; NTFY is the most frequent 
message so this will reduce memcmp calls - increase performance
change search for MGCP string inside packet; code more readable and without 
using extra variables and loops probably faster (depend on implementation of 
strstr)

Hi,
Please tell me how and where to integrate OpenDPI engine with ATCA PP-50 device.

Thanks in advance,
Nirmala

Is there anything i can do to get through this compile?


make -C src
make[1]: Entering directory `/tmp/opendpi-netfilter-wrapper-1.2/wrapper/src'
if test -d opendpi_cpy; then \
    cp /tmp/opendpi-1.3.0/src/* opendpi_cpy -R; \
else \
    mkdir opendpi_cpy; \
    cp /tmp/opendpi-1.3.0/src/* opendpi_cpy -R; \
fi
make -C /lib/modules/2.6.38.8/build M=$PWD;
make[2]: Entering directory `/usr/src/linux-2.6.38-gentoo-r6'
  LD      /tmp/opendpi-netfilter-wrapper-1.2/wrapper/src/built-in.o
  CC [M]  /tmp/opendpi-netfilter-wrapper-1.2/wrapper/src/main.o
/tmp/opendpi-netfilter-wrapper-1.2/wrapper/src/main.c:362: warning: 'struct 
nf_ct_event' declared inside parameter list
/tmp/opendpi-netfilter-wrapper-1.2/wrapper/src/main.c:362: warning: its scope 
is only this definition or declaration, which is probably not what you want
/tmp/opendpi-netfilter-wrapper-1.2/wrapper/src/main.c: In function 
'opendpi_conntrack_event':
/tmp/opendpi-netfilter-wrapper-1.2/wrapper/src/main.c:364: error: dereferencing 
pointer to incomplete type
/tmp/opendpi-netfilter-wrapper-1.2/wrapper/src/main.c: At top level:
/tmp/opendpi-netfilter-wrapper-1.2/wrapper/src/main.c:383: error: variable 
'osdpi_notifier' has initializer but incomplete type
/tmp/opendpi-netfilter-wrapper-1.2/wrapper/src/main.c:384: error: unknown field 
'fcn' specified in initializer
/tmp/opendpi-netfilter-wrapper-1.2/wrapper/src/main.c:384: warning: excess 
elements in struct initializer
/tmp/opendpi-netfilter-wrapper-1.2/wrapper/src/main.c:384: warning: (near 
initialization for 'osdpi_notifier')
/tmp/opendpi-netfilter-wrapper-1.2/wrapper/src/main.c:457: warning: 'struct 
xt_match_param' declared inside parameter list
/tmp/opendpi-netfilter-wrapper-1.2/wrapper/src/main.c: In function 'opendpi_mt':
/tmp/opendpi-netfilter-wrapper-1.2/wrapper/src/main.c:466: error: dereferencing 
pointer to incomplete type
/tmp/opendpi-netfilter-wrapper-1.2/wrapper/src/main.c:475: warning: passing 
argument 1 of 'nf_ct_is_untracked' from incompatible pointer type
include/net/netfilter/nf_conntrack.h:293: note: expected 'const struct nf_conn 
*' but argument is of type 'const struct sk_buff *'
/tmp/opendpi-netfilter-wrapper-1.2/wrapper/src/main.c: In function 
'opendpi_cleanup':
/tmp/opendpi-netfilter-wrapper-1.2/wrapper/src/main.c:591: error: implicit 
declaration of function 'nf_conntrack_unregister_notifier'
/tmp/opendpi-netfilter-wrapper-1.2/wrapper/src/main.c: At top level:
/tmp/opendpi-netfilter-wrapper-1.2/wrapper/src/main.c:623: warning: 
initialization from incompatible pointer type
/tmp/opendpi-netfilter-wrapper-1.2/wrapper/src/main.c:624: warning: 
initialization from incompatible pointer type
/tmp/opendpi-netfilter-wrapper-1.2/wrapper/src/main.c: In function 
'opendpi_mt_init':
/tmp/opendpi-netfilter-wrapper-1.2/wrapper/src/main.c:677: error: implicit 
declaration of function 'nf_conntrack_register_notifier'
At top level:
cc1: warning: unrecognized command line option "-Wno-unused-but-set-variable"
make[3]: *** [/tmp/opendpi-netfilter-wrapper-1.2/wrapper/src/main.o] Error 1
make[2]: *** [_module_/tmp/opendpi-netfilter-wrapper-1.2/wrapper/src] Error 2
make[2]: Leaving directory `/usr/src/linux-2.6.38-gentoo-r6'
make[1]: *** [all] Error 2
make[1]: Leaving directory `/tmp/opendpi-netfilter-wrapper-1.2/wrapper/src'
make: *** [all] Error 2

my error message is :
make -C ipt
make[1]: Entering directory `/usr/src/opendpi-netfilter-wrapper-1.2/wrapper/ipt'
if test -d opendpi_cpy; then \
                cp /usr/src/opendpi-1.3.0/src/* opendpi_cpy -R; \
        else \
                mkdir opendpi_cpy; \
                cp /usr/src/opendpi-1.3.0/src/* opendpi_cpy -R; \
        fi
make libxt_opendpi.so
make[2]: Entering directory `/usr/src/opendpi-netfilter-wrapper-1.2/wrapper/ipt'
make[2]: `libxt_opendpi.so' is up to date.
make[2]: Leaving directory `/usr/src/opendpi-netfilter-wrapper-1.2/wrapper/ipt'
rm -r opendpi_cpy
make[1]: Leaving directory `/usr/src/opendpi-netfilter-wrapper-1.2/wrapper/ipt'
make -C src
make[1]: Entering directory `/usr/src/opendpi-netfilter-wrapper-1.2/wrapper/src'
if test -d opendpi_cpy; then \
                cp /usr/src/opendpi-1.3.0/src/* opendpi_cpy -R; \
        else \
                mkdir opendpi_cpy; \
                cp /usr/src/opendpi-1.3.0/src/* opendpi_cpy -R; \
        fi
make -C /lib/modules/2.6.28/build M=$PWD;
make[2]: Entering directory `/usr/src/linux-2.6.28'
  CC [M]  /usr/src/opendpi-netfilter-wrapper-1.2/wrapper/src/main.o
/usr/src/opendpi-netfilter-wrapper-1.2/wrapper/src/main.c:362: warning: 
‘struct nf_ct_event’ declared inside parameter list
/usr/src/opendpi-netfilter-wrapper-1.2/wrapper/src/main.c:362: warning: its 
scope is only this definition or declaration, which is probably not what you 
want
/usr/src/opendpi-netfilter-wrapper-1.2/wrapper/src/main.c: In function 
‘opendpi_conntrack_event’:
/usr/src/opendpi-netfilter-wrapper-1.2/wrapper/src/main.c:364: error: 
dereferencing pointer to incomplete type
/usr/src/opendpi-netfilter-wrapper-1.2/wrapper/src/main.c: At top level:
/usr/src/opendpi-netfilter-wrapper-1.2/wrapper/src/main.c:383: error: variable 
‘osdpi_notifier’ has initializer but incomplete type
/usr/src/opendpi-netfilter-wrapper-1.2/wrapper/src/main.c:384: error: unknown 
field ‘fcn’ specified in initializer
/usr/src/opendpi-netfilter-wrapper-1.2/wrapper/src/main.c:384: warning: excess 
elements in struct initializer
/usr/src/opendpi-netfilter-wrapper-1.2/wrapper/src/main.c:384: warning: (near 
initialization for ‘osdpi_notifier’)
/usr/src/opendpi-netfilter-wrapper-1.2/wrapper/src/main.c:457:2: error: invalid 
preprocessing directive #opendpi_mt
/usr/src/opendpi-netfilter-wrapper-1.2/wrapper/src/main.c:458: warning: 
‘struct xt_action_param’ declared inside parameter list
/usr/src/opendpi-netfilter-wrapper-1.2/wrapper/src/main.c: In function 
‘opendpi_mt’:
/usr/src/opendpi-netfilter-wrapper-1.2/wrapper/src/main.c:467: error: 
dereferencing pointer to incomplete type
/usr/src/opendpi-netfilter-wrapper-1.2/wrapper/src/main.c: In function 
‘opendpi_cleanup’:
/usr/src/opendpi-netfilter-wrapper-1.2/wrapper/src/main.c:592: warning: passing 
argument 1 of ‘nf_conntrack_unregister_notifier’ from incompatible pointer 
type
/usr/src/opendpi-netfilter-wrapper-1.2/wrapper/src/main.c: At top level:
/usr/src/opendpi-netfilter-wrapper-1.2/wrapper/src/main.c:624: warning: 
initialization from incompatible pointer type
/usr/src/opendpi-netfilter-wrapper-1.2/wrapper/src/main.c: In function 
‘opendpi_mt_init’:
/usr/src/opendpi-netfilter-wrapper-1.2/wrapper/src/main.c:678: warning: passing 
argument 1 of ‘nf_conntrack_register_notifier’ from incompatible pointer 
type
make[3]: *** [/usr/src/opendpi-netfilter-wrapper-1.2/wrapper/src/main.o] Error 1
make[2]: *** [_module_/usr/src/opendpi-netfilter-wrapper-1.2/wrapper/src] Error 
2
make[2]: Leaving directory `/usr/src/linux-2.6.28'
make[1]: *** [all] Error 2
make[1]: Leaving directory `/usr/src/opendpi-netfilter-wrapper-1.2/wrapper/src'
make: *** [all] Error 2

and
my linux kernel is 2.6.28.

Help me

Hi,

The attached patch fixes a problem with BitTorrent detection. The 1.0.1
code will enter detection stage 1 after the first packet analyzed in the
flow. However, the first packet in the flow generally corresponds to the
TCP handshake, without a payload. Even then, the code enters stage 1 and so
stage 0 analysis is never performed for that flow anymore.

The attached patch corrects this behavior by not entering stage 0 analysis
or bumping the detection stage to stage 1 unless there is a payload.

Running the vanilla OpenDPI demo on a pcap file created by downloading 5%
of a Ubuntu ISO with rTorrent shows 4054 unknown packets. After patching
and recompiling, there are only 154 unknown packets and 3907 packets were
recognized as BitTorrent traffic.

I unfortunately can't provide the pcap file because it contains sensitive
data. However, if you can't reproduce it, I might be able to filter out
that sensitive stuff out of the pcap and hand it to you guys.

The attached patch is in unified diff format and should apply cleanly
against bittorrent.c from the 1.0.1 release.

The autotools-base build systems generate lots of intermediate files, need an 
'autogen.sh' step before creating a distributable release, are slow, cryptic, 
and depend on the version of autotools installed on the build machine.

You end up inserting lots of awful stuff into the autoconf and automake sources 
to keep portability.

And I'm not talking about libtool hell.

For such a small project, it would be handy to have something more efficient, 
easier to maintain and extend, and that relies on as few external dependencies 
as possible.

Waf is designed that way, you only need python, that's all (and a C toolchain, 
obviously, because it is a C project). And since you include the waf script 
(i.e. the _whole_ build system) with the sources, you are certain everyone has 
the same version of the build system.

Here is a patch that adds the waf build system, a wscript (replaces ALL the 
configure and makefiles of the project in 31 lines) and updates README and NEWS 
accordingly.

Thanks for taking a few minutes to at least look at it before saying "It's not 
autotools, we don't want that", I'm sure you'll be convinced.

With kind regards,
Lionel

What steps will reproduce the problem?
1. Fedora 13 + all updates
2. make in wrapper directory
3.

What is the expected output? What do you see instead?

This is my command line output:

[root@s1 wrapper]# make
make -C ipt
make[1]: Entering directory `/media/DATA/opendpi_wrapper_normal/wrapper/ipt'
if test -d opendpi_cpy; then \
        cp /media/DATA/__neu_AXP/opendpi_wrapper_axp/opendpi-1.2.0/src/* opendpi_cpy -R; \
    else \
        mkdir opendpi_cpy; \
        cp /media/DATA/__neu_AXP/opendpi_wrapper_axp/opendpi-1.2.0/src/* opendpi_cpy -R; \
    fi
make libxt_opendpi.so
make[2]: Entering directory `/media/DATA/opendpi_wrapper_normal/wrapper/ipt'
gcc -fPIC -Iopendpi_cpy/include -Iopendpi_cpy/lib -I../src 
-DOPENDPI_NETFILTER_MODULE -O2 -Wall -D_INIT=libxt_opendpi_init -c -o 
libxt_opendpi.o libxt_opendpi.c;
libxt_opendpi.c: In function ‘opendpi_mt_init’:
libxt_opendpi.c:115: warning: unused variable ‘info’
libxt_opendpi.c: At top level:
libxt_opendpi.c:132: warning: implicit declaration of function ‘ALIGN’
libxt_opendpi.c:132: error: initializer element is not constant
libxt_opendpi.c:132: error: (near initialization for ‘opendpi_mt4_reg.size’)
libxt_opendpi.c:133: error: initializer element is not constant
libxt_opendpi.c:133: error: (near initialization for 
‘opendpi_mt4_reg.userspacesize’)
make[2]: *** [libxt_opendpi.o] Error 1
make[2]: Leaving directory `/media/DATA/opendpi_wrapper_normal/wrapper/ipt'
make[1]: *** [all] Error 2
make[1]: Leaving directory `/media/DATA/opendpi_wrapper_normal/wrapper/ipt'
make: *** [all] Error 2

What version of the product are you using? On what operating system?

Fedora 13 with 2.6.34.7-66.fc13.i686.PAE kernel
kernel-devel, iptables-devel, kernel-headers-2.6.34.7-66.fc13 installed
opendpi wrapper 1.1 without special patches and opendpi 1.2

Please provide any additional information below.

What steps will reproduce the problem?
1. Download OpenDPI with
http://opendpi.googlecode.com/files/OpenDPI_1.0.1.tar.gz 
2. untar and in the OpenDPI directory run make
3. [root@localhost OpenDPI]# uname -r
2.6.29.4-167.fc11.i586


What is the expected output? What do you see instead?
compile fails as:
OpenDPI]# make
cd ./lib && cc -c -I ../include -O2 -g -pipe -Wall -Wimplicit -Wunused
-Wcomment -Wchar-subscripts -Wuninitialized -Wparentheses -Wformat -Winline
-Wreturn-type -fPIC -Wmissing-prototypes -Wundef -Wstrict-prototypes
-Wno-trigraphs -fno-strict-aliasing -fno-common
-Werror-implicit-function-declaration -maccumulate-outgoing-args
-Wno-sign-compare -fno-asynchronous-unwind-tables -fomit-frame-pointer
-Werror -D_FILE_OFFSET_BITS=64 *.c
cd ./lib/protocols && cc -c -I .. -I ../../include -O2 -g -pipe -Wall
-Wimplicit -Wunused -Wcomment -Wchar-subscripts -Wuninitialized
-Wparentheses -Wformat -Winline -Wreturn-type -fPIC -Wmissing-prototypes
-Wundef -Wstrict-prototypes -Wno-trigraphs -fno-strict-aliasing -fno-common
-Werror-implicit-function-declaration -maccumulate-outgoing-args
-Wno-sign-compare -fno-asynchronous-unwind-tables -fomit-frame-pointer
-Werror -D_FILE_OFFSET_BITS=64 *.c
ar rcs ./libOpenDPI.a ./lib/*.o ./lib/protocols/*.o
cc -O2 -g -pipe -Wall -Wimplicit -Wunused -Wcomment -Wchar-subscripts
-Wuninitialized -Wparentheses -Wformat -Winline -Wreturn-type -fPIC
-Wmissing-prototypes -Wundef -Wstrict-prototypes -Wno-trigraphs
-fno-strict-aliasing -fno-common -Werror-implicit-function-declaration
-maccumulate-outgoing-args -Wno-sign-compare
-fno-asynchronous-unwind-tables -fomit-frame-pointer -Werror
-D_FILE_OFFSET_BITS=64 -I include OpenDPI_demo.c libOpenDPI.a -lpcap -o
OpenDPI_demo
OpenDPI_demo.c:37:18: error: pcap.h: No such file or directory
OpenDPI_demo.c:45: error: âPCAP_ERRBUF_SIZEâ undeclared here (not in a
function)
OpenDPI_demo.c:46: error: expected â=â, â,â, â;â, âasmâ or 
â__attribute__â
before â*â token
OpenDPI_demo.c: In function âopenPcapFileâ:
OpenDPI_demo.c:465: error: â_pcap_handleâ undeclared (first use in this
function)
OpenDPI_demo.c:465: error: (Each undeclared identifier is reported only once
OpenDPI_demo.c:465: error: for each function it appears in.)
OpenDPI_demo.c:465: error: implicit declaration of function 
âpcap_open_offlineâ
OpenDPI_demo.c:471: error: implicit declaration of function âpcap_datalinkâ
OpenDPI_demo.c: In function âclosePcapFileâ:
OpenDPI_demo.c:476: error: â_pcap_handleâ undeclared (first use in this
function)
OpenDPI_demo.c:477: error: implicit declaration of function âpcap_closeâ
cc1: warnings being treated as errors
OpenDPI_demo.c: At top level:
OpenDPI_demo.c:482: error: âstruct pcap_pkthdrâ declared inside parameter list
OpenDPI_demo.c:482: error: its scope is only this definition or
declaration, which is probably not what you want
OpenDPI_demo.c: In function âpcap_packet_callbackâ:
OpenDPI_demo.c:493: error: dereferencing pointer to incomplete type
OpenDPI_demo.c:494: error: dereferencing pointer to incomplete type
OpenDPI_demo.c:505: error: âDLT_EN10MBâ undeclared (first use in this 
function)
OpenDPI_demo.c:506: error: dereferencing pointer to incomplete type
OpenDPI_demo.c:508: error: dereferencing pointer to incomplete type
OpenDPI_demo.c:508: error: dereferencing pointer to incomplete type
OpenDPI_demo.c:528: error: dereferencing pointer to incomplete type
OpenDPI_demo.c:528: error: dereferencing pointer to incomplete type
OpenDPI_demo.c: In function ârunPcapLoopâ:
OpenDPI_demo.c:535: error: â_pcap_handleâ undeclared (first use in this
function)
OpenDPI_demo.c:536: error: implicit declaration of function âpcap_loopâ
make: *** [demo_program] Error 1
[root@localhost OpenDPI]# 

What version of the product are you using? On what operating system?

2.6.29.4-167.fc11.i586

What steps will reproduce the problem?
1.
2.
3.

What is the expected output? What do you see instead?


What version of the product are you using? On what operating system?


Please provide any additional information below.

Hi all,

when i am creating work queue's per connection based (srcIp and dstIp)and 
caling opendpi for protocol detection then i am getting maximum protocols as 
unknown.can any one give me the idea where i am doing wrong or opendpi itself 
behaving in that matter...

thanx in advance.

When using ipp2p with conntrack states, the following syntax works:

iptables -A OUTPUT -p tcp -m ipp2p --winmx -m conntrack --ctstate ESTABLISHED 
-j DROP

This same syntax using the opendpi module does NOT work.  Eg:

iptables -A OUTPUT -p tcp -m opendpi --winmx -m conntrack --ctstate ESTABLISHED 
-j DROP

...gives an error:

xt_opendpi: You need to specify at least one protocol


Switching the order of operators fixes the problem, but this appears to be 
inconsistent with other modules:

iptables -A OUTPUT -p tcp -m opendpi -m conntrack --ctstate ESTABLISHED --winmx 
-j DROP

I'm trying to add support for OpenDPI in Shorewall, and this change of syntax 
is causing issues.

Thanks in advance!

What steps will reproduce the problem?
1. Insmod xt_opendip.ko and later nf_conntrack_netlink.ko or vice-versa.

What is the expected output? What do you see instead?
shows device or resource busy.

What version of the product are you using? On what operating system?
working with fedora12 kernel version 2.6.32.21 

Please provide any additional information below.
console log shows:
insmod: error inserting 'src/xt_opendpi.ko': -1 Device or resource busy
dmesg shows:
ctnetlink v0.93: registering with nfnetlink.
xt_opendpi 0.1 (OpenDPI wrapper module).
xt_opendpi: error registering notifier.

This will happen if You have CONFIG_NF_CONNTRACK_EVENTS enabled. 

#ifdef CONFIG_NF_CONNTRACK_EVENTS
       ret = nf_conntrack_register_notifier(&ctnl_notifier);
       if (ret < 0) {
               pr_err("ctnetlink_init: cannot register notifier.\n");
               goto err_unreg_exp_subsys;
       }
        ret = nf_ct_expect_register_notifier(&ctnl_notifier_exp);
        if (ret < 0) {
                pr_err("ctnetlink_init: cannot expect register notifier.\n");
               goto err_unreg_notifier;
       }
#endif

Above code is from ctnetlink_init function.
nf_conntrack_register_notifier code is exclusive and protected by rcu locking.

We may not be able to use both nf_conntrack_netlink( needed for 
conntrack-tools) and opendpi with both registering notifier for events.

What steps will reproduce the problem?
1. Cross compile opendpi-1.2.0 to MIPS32 platform
2. Cross compile opendpi-netfilter-wrapper-1.1 to MIPS platform according to 
the instructions.
3. Copy the libxt_opendpi.so file to /lib/xtables directory and xt_opendpi.ko 
to the /lib/modules directory on the target.

4. # modprobe xt_opendpi
   xt_opendpi 0.1 (OpenDPI wrapper module).

5. # iptables -m opendpi --help
   iptables v1.4.10: Couldn't find match `opendpi'

   Try `iptables -h' or 'iptables --help' for more information.

What is the expected output? What do you see instead?

The command display available protocols we can match for in every packet.
Instead we are seeing #5 error message mentioned above.


What version of the product are you using? On what operating system?

We are using opendpi-1.2.0 and opendpi-netfilter-wrapper-1.1.
Iptables version is 1.4.10
Kernel version is 2.6.30 on MIPS32.

Please provide any additional information below.

Toolchain used is mips-linux-uclibc-gcc.

Can OpenDPI label the packets? 
I want to label the packets with its application protocols. such as 
http protocol, in other way, I want to mark its application protocol 
in the packet. 
if it can, how to do this? 

What steps will reproduce the problem?
1. openwrt backfire insmod give erro xt_opendpi: Unknown symbol 
nf_conntrack_register_notifier
2.
3.

What is the expected output? What do you see instead?
xt_opendpi: Unknown symbol nf_conntrack_register_notifier


What version of the product are you using? On what operating system?
openwrt backfire rc5 kernel 2.6.32.27

Please provide any additional information below.

Here is the error I'm getting when trying to compile.

My distribution is Centos 5.5
Kernel: 2.6.18-194.32.1.el5

OPENDPI_PATH=/usr/local/src/opendpi-1.3.0 make
make -C ipt
make[1]: Entering directory 
`/usr/local/src/opendpi-netfilter-wrapper-1.2/wrapper/ipt'
if test -d opendpi_cpy; then \
        cp /usr/local/src/opendpi-1.3.0/src/* opendpi_cpy -R; \
    else \
        mkdir opendpi_cpy; \
        cp /usr/local/src/opendpi-1.3.0/src/* opendpi_cpy -R; \
    fi
make libxt_opendpi.so
make[2]: Entering directory 
`/usr/local/src/opendpi-netfilter-wrapper-1.2/wrapper/ipt'
gcc -fPIC -Iopendpi_cpy/include -Iopendpi_cpy/lib -I../src 
-DOPENDPI_NETFILTER_MODULE -O2 -Wall -D_INIT=libxt_opendpi_init -c -o 
libxt_opendpi.o libxt_opendpi.c;
libxt_opendpi.c:34: warning: ‘struct xt_entry_match’ declared inside 
parameter list
libxt_opendpi.c:34: warning: its scope is only this definition or declaration, 
which is probably not what you want
libxt_opendpi.c: In function ‘opendpi_mt4_save’:
libxt_opendpi.c:36: error: dereferencing pointer to incomplete type
libxt_opendpi.c: At top level:
libxt_opendpi.c:49: warning: ‘struct xt_entry_match’ declared inside 
parameter list
libxt_opendpi.c: In function ‘opendpi_mt4_print’:
libxt_opendpi.c:51: error: dereferencing pointer to incomplete type
libxt_opendpi.c: At top level:
libxt_opendpi.c:64: warning: ‘struct xt_entry_match’ declared inside 
parameter list
libxt_opendpi.c: In function ‘opendpi_mt4_parse’:
libxt_opendpi.c:66: error: dereferencing pointer to incomplete type
libxt_opendpi.c:76: error: ‘true’ undeclared (first use in this function)
libxt_opendpi.c:76: error: (Each undeclared identifier is reported only once
libxt_opendpi.c:76: error: for each function it appears in.)
libxt_opendpi.c:80: error: ‘false’ undeclared (first use in this function)
libxt_opendpi.c: In function ‘opendpi_mt_check’:
libxt_opendpi.c:91: warning: implicit declaration of function ‘exit_error’
libxt_opendpi.c:91: error: ‘PARAMETER_PROBLEM’ undeclared (first use in 
this function)
libxt_opendpi.c: At top level:
libxt_opendpi.c:111: warning: ‘struct xt_entry_match’ declared inside 
parameter list
libxt_opendpi.c: In function ‘opendpi_mt_init’:
libxt_opendpi.c:113: error: dereferencing pointer to incomplete type
libxt_opendpi.c:113: warning: unused variable ‘info’
libxt_opendpi.c: At top level:
libxt_opendpi.c:121: error: variable ‘opendpi_mt4_reg’ has initializer but 
incomplete type
libxt_opendpi.c:122: error: unknown field ‘version’ specified in initializer
libxt_opendpi.c:122: error: ‘XTABLES_VERSION’ undeclared here (not in a 
function)
libxt_opendpi.c:122: warning: excess elements in struct initializer
libxt_opendpi.c:122: warning: (near initialization for ‘opendpi_mt4_reg’)
libxt_opendpi.c:123: error: unknown field ‘name’ specified in initializer
libxt_opendpi.c:123: warning: excess elements in struct initializer
libxt_opendpi.c:123: warning: (near initialization for ‘opendpi_mt4_reg’)
libxt_opendpi.c:124: error: unknown field ‘revision’ specified in 
initializer
libxt_opendpi.c:124: warning: excess elements in struct initializer
libxt_opendpi.c:124: warning: (near initialization for ‘opendpi_mt4_reg’)
libxt_opendpi.c:125: error: unknown field ‘family’ specified in initializer
libxt_opendpi.c:125: warning: excess elements in struct initializer
libxt_opendpi.c:125: warning: (near initialization for ‘opendpi_mt4_reg’)
libxt_opendpi.c:126: error: unknown field ‘size’ specified in initializer
libxt_opendpi.c:126: warning: implicit declaration of function ‘XT_ALIGN’
libxt_opendpi.c:126: warning: excess elements in struct initializer
libxt_opendpi.c:126: warning: (near initialization for ‘opendpi_mt4_reg’)
libxt_opendpi.c:127: error: unknown field ‘userspacesize’ specified in 
initializer
libxt_opendpi.c:127: warning: excess elements in struct initializer
libxt_opendpi.c:127: warning: (near initialization for ‘opendpi_mt4_reg’)
libxt_opendpi.c:128: error: unknown field ‘help’ specified in initializer
libxt_opendpi.c:128: warning: excess elements in struct initializer
libxt_opendpi.c:128: warning: (near initialization for ‘opendpi_mt4_reg’)
libxt_opendpi.c:129: error: unknown field ‘init’ specified in initializer
libxt_opendpi.c:129: warning: excess elements in struct initializer
libxt_opendpi.c:129: warning: (near initialization for ‘opendpi_mt4_reg’)
libxt_opendpi.c:130: error: unknown field ‘parse’ specified in initializer
libxt_opendpi.c:130: warning: excess elements in struct initializer
libxt_opendpi.c:130: warning: (near initialization for ‘opendpi_mt4_reg’)
libxt_opendpi.c:131: error: unknown field ‘final_check’ specified in 
initializer
libxt_opendpi.c:131: warning: excess elements in struct initializer
libxt_opendpi.c:131: warning: (near initialization for ‘opendpi_mt4_reg’)
libxt_opendpi.c:132: error: unknown field ‘print’ specified in initializer
libxt_opendpi.c:132: warning: excess elements in struct initializer
libxt_opendpi.c:132: warning: (near initialization for ‘opendpi_mt4_reg’)
libxt_opendpi.c:133: error: unknown field ‘save’ specified in initializer
libxt_opendpi.c:133: warning: excess elements in struct initializer
libxt_opendpi.c:133: warning: (near initialization for ‘opendpi_mt4_reg’)
libxt_opendpi.c:134: error: unknown field ‘extra_opts’ specified in 
initializer
libxt_opendpi.c:134: warning: excess elements in struct initializer
libxt_opendpi.c:134: warning: (near initialization for ‘opendpi_mt4_reg’)
libxt_opendpi.c: In function ‘_init’:
libxt_opendpi.c:143: error: ‘false’ undeclared (first use in this function)
libxt_opendpi.c:151: warning: implicit declaration of function 
‘xtables_register_match’
make[2]: *** [libxt_opendpi.o] Error 1
make[2]: Leaving directory 
`/usr/local/src/opendpi-netfilter-wrapper-1.2/wrapper/ipt'
make[1]: *** [all] Error 2
make[1]: Leaving directory 
`/usr/local/src/opendpi-netfilter-wrapper-1.2/wrapper/ipt'
make: *** [all] Error 2



Is it possible I can compile netfilter-wrapper under < 2.6.35 kernel?

What steps will reproduce the problem?
1. make modules_install
2. cp ipt/libxt_opendpi.so /lib/xtables
3. modprobe xt_opendpi

What is the expected output? What do you see instead?
FATAL: Module xt_opendpi not found.


What version of the product are you using? On what operating system?
2.6.38-8-server #42-Ubuntu

Please provide any additional information below.
For some reason I can't get iptables to work with opendpi, the help function 
comes up and all the options eg: --bittorrent etc, but I can't put the likes of 
this in...

iptables -A FORWARD -s 172.16.20.0/24 -m opendpi --http
iptables -A INPUT -s 172.16.20.0/24 -m opendpi --http -j ACCEPT
iptables -A OUTPUT -s 172.16.20.0/24 -m opendpi --http -j ACCEPT

For some reason it just keeps coming up with...

iptables: No chain/target/match by that name.

If I take the -m opendpi out the rule works just fine.

Cheers
Dan

1.I have gone thru the sample example code available in the Opendpi package.I 
have done code walk thru with the example code.I dont see any RegEx search 
involved in OpenDPI.
2.All I can see is layer3/4/5 protocol detection.
2.My query is can OPEN DPI capable of doing RegEx search??
I might be bit naive in asking this question so any Suggestion is appreciated
Regards
Raghu   

What steps will reproduce the problem?
1. Compiling opendpi-wrapper 1.2.0 on a SLES 10 system

What is the expected output? 
A compiled module

What do you see instead?

make -C ipt
make[1]: Entering directory `/root/opendpi-netfilter-wrapper-1.2/wrapper/ipt'
if test -d opendpi_cpy; then \
        cp /root/opendpi-1.3.0/src/* opendpi_cpy -R; \
else \
        mkdir opendpi_cpy; \
        cp /root/opendpi-1.3.0/src/* opendpi_cpy -R; \
fi
make libxt_opendpi.so
make[2]: Entering directory `/root/opendpi-netfilter-wrapper-1.2/wrapper/ipt'
gcc -fPIC -Iopendpi_cpy/include -Iopendpi_cpy/lib -I../src 
-DOPENDPI_NETFILTER_MODULE -O2 -Wall -D_INIT=libxt_opendpi_init -c -o 
libxt_opendpi.o libxt_opendpi.c;
libxt_opendpi.c: In function ‘opendpi_mt4_save’:
libxt_opendpi.c:36: error: dereferencing pointer to incomplete type
libxt_opendpi.c: In function ‘opendpi_mt4_print’:
libxt_opendpi.c:51: error: dereferencing pointer to incomplete type
libxt_opendpi.c: In function ‘opendpi_mt4_parse’:
libxt_opendpi.c:66: error: dereferencing pointer to incomplete type
libxt_opendpi.c: In function ‘opendpi_mt_init’:
libxt_opendpi.c:113: error: dereferencing pointer to incomplete type
libxt_opendpi.c:113: warning: unused variable ‘info’
libxt_opendpi.c: At top level:
libxt_opendpi.c:129: warning: initialization from incompatible pointer type
libxt_opendpi.c:130: warning: initialization from incompatible pointer type
libxt_opendpi.c:132: warning: initialization from incompatible pointer type
libxt_opendpi.c:133: warning: initialization from incompatible pointer type
make[2]: *** [libxt_opendpi.o] Error 1
make[2]: Leaving directory `/root/opendpi-netfilter-wrapper-1.2/wrapper/ipt'
make[1]: *** [all] Error 2
make[1]: Leaving directory `/root/opendpi-netfilter-wrapper-1.2/wrapper/ipt'
make: *** [all] Error 2



What version of the product are you using? 
OPENDPI 1.3.0 
OPENDPI-NETWRAPPER 1.2.0

On what operating system?
SLES 10 SP3 with IPtables 1.4.2

Please provide any additional information below.

What steps will reproduce the problem?
1. Setup OpenDPI netfilter rule to match the battlefield protocol
2. run "watch -n0 iptables -nvL" and monitor the matched packet count
3. Run BF2 and join a server

What is the expected output? What do you see instead?
  Expect to see packets match the rule but non match at all

What version of the product are you using? On what operating system?
  1.2.0 on Debian Linux 6.0 (Squeeze)

Please provide any additional information below.
  The battlefield protocol match patterns seem to search for the string "battlefield2" and a few other things. By using tcpdump and wireshark I have not been able to locate either of these patterns for battlefield 2.

I have reversed the server information packet that is sent to the client on 
each connection to the server and modified the battlefield.c source, this works 
great and I am able to reliably detect BF2 connections.

I have attached the patch to fix this, but it needs review as BF2 matching may 
need to be broken out from BF1942 since this packet is sent only once and the 
BF1942 code is designed to sample every N ms.

What steps will reproduce the problem?
1.
2.
3.

What is the expected output? What do you see instead?


What version of the product are you using? On what operating system?


Please provide any additional information below.

What steps will reproduce the problem?
1. sudo apt-get install gcc make libpcap-dev
2.
3.

What is the expected output? What do you see instead?
apt-get command not found

What version of the product are you using? On what operating system?
2.6.23.1-42.fc8

Please provide any additional information below.

I've followed the instructions for installation. enabling appropriate kernel 
features and patching the opendpi source. upon running make, I get the 
following error.

make -C /lib/modules/2.6.35-20-generic-pae/build M=$PWD;
make[2]: Entering directory `/usr/src/linux-headers-2.6.35-20-generic-pae'
  CC [M]  /usr/src/opendpi-netfilter-wrapper-1.0/wrapper/src/main.o
/usr/src/opendpi-netfilter-wrapper-1.0/wrapper/src/main.c:452: warning: 
âstruct xt_match_paramâ declared inside parameter list
/usr/src/opendpi-netfilter-wrapper-1.0/wrapper/src/main.c:452: warning: its 
scope is only this definition or declaration, which is probably not what you 
want
/usr/src/opendpi-netfilter-wrapper-1.0/wrapper/src/main.c: In function 
âopendpi_mtâ:
/usr/src/opendpi-netfilter-wrapper-1.0/wrapper/src/main.c:461: error: 
dereferencing pointer to incomplete type
/usr/src/opendpi-netfilter-wrapper-1.0/wrapper/src/main.c: At top level:
/usr/src/opendpi-netfilter-wrapper-1.0/wrapper/src/main.c:597: warning: 
initialization from incompatible pointer type
/usr/src/opendpi-netfilter-wrapper-1.0/wrapper/src/main.c:598: warning: 
initialization from incompatible pointer type
make[3]: *** [/usr/src/opendpi-netfilter-wrapper-1.0/wrapper/src/main.o] Error 1
make[2]: *** [_module_/usr/src/opendpi-netfilter-wrapper-1.0/wrapper/src] Error 
2
make[2]: Leaving directory `/usr/src/linux-headers-2.6.35-20-generic-pae'
make[1]: *** [all] Error 2
make[1]: Leaving directory `/usr/src/opendpi-netfilter-wrapper-1.0/wrapper/src'
make: *** [all] Error 2

Any clues? 

Regards,

Tom