Modify

Opened 4 years ago

Closed 3 years ago

#17414 closed defect (wontfix)

make xt_layer7.c compiled

Reported by: puyou.lu@… Owned by: developers
Priority: normal Milestone: Barrier Breaker 14.07
Component: kernel Version: Barrier Breaker 14.07
Keywords: Cc:

Description

xt_layer7.c was not compiled in kernel 3.10.49 as the kernel does not have config EXPERIMENTAL anymore.

Attachments (1)

603-netfilter_layer7_3.10.49_fix.patch (2.9 KB) - added by puyou.lu@… 4 years ago.

Download all attachments as: .zip

Change History (4)

Changed 4 years ago by puyou.lu@…

comment:1 follow-up: Changed 3 years ago by nbd

did you actually runtime-test layer7? last time i checked, it was suffering from really horrible memory leaks

comment:2 in reply to: ↑ 1 Changed 3 years ago by puyou.lu@…

Finally I got time to test it simplely(only tried http), and did not find any memory leaks.

root@OpenWrt:/etc/l7-protocols# free
             total         used         free       shared      buffers
Mem:         60716        23652        37064            0         3108
-/+ buffers:              20544        40172
Swap:            0            0            0
root@OpenWrt:/etc/l7-protocols# iptables -t filter -I FORWARD -m layer7 --l7proto http -j DROP
root@OpenWrt:/etc/l7-protocols# iptables -t filter -L FORWARD --line-numbers -vn
Chain FORWARD (policy DROP 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1        6  4037 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           LAYER7 l7proto http
2    14685 1759K delegate_forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0

And I tried to send http packets on the host computer using something like:

while true; do wget --timeout=0.1 http://192.168.57.248; done

After about half an hour:

root@OpenWrt:/etc/l7-protocols# iptables -t filter -L FORWARD --line-numbers -vn
Chain FORWARD (policy DROP 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1    56213   43M DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           LAYER7 l7proto http
2    30657 3433K delegate_forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0
root@OpenWrt:/etc/l7-protocols# free
             total         used         free       shared      buffers
Mem:         60716        23428        37288            0         3108
-/+ buffers:              20320        40396
Swap:            0            0            0

Also I tried '-j MARK':

root@OpenWrt:/etc/l7-protocols# iptables -t filter -D FORWARD -m layer7 --l7proto http -j DROP
root@OpenWrt:/etc/l7-protocols# iptables -t filter -I FORWARD -m layer7 --l7proto http -j MARK --set-mark 0x80
root@OpenWrt:/etc/l7-protocols# free
             total         used         free       shared      buffers
Mem:         60716        23268        37448            0         3108
-/+ buffers:              20160        40556
Swap:            0            0            0
root@OpenWrt:/etc/l7-protocols# iptables -t filter -L FORWARD --line-numbers -vn
Chain FORWARD (policy DROP 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0           LAYER7 l7proto http  MARK set 0x80
2    31142 3531K delegate_forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

About ten minutes later:

root@OpenWrt:/etc/l7-protocols# iptables -t filter -L FORWARD --line-numbers -vn
Chain FORWARD (policy DROP 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1    1779K 1299M MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0           LAYER7 l7proto http  MARK set 0x80
2    2149K 1349M delegate_forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0
root@OpenWrt:/etc/l7-protocols# free
             total         used         free       shared      buffers
Mem:         60716        23740        36976            0         3108
-/+ buffers:              20632        40084
Swap:            0            0            0

As you can see there is no memory leaks. Or I am not in the right way testing it?

comment:3 Changed 3 years ago by nbd

  • Resolution set to wontfix
  • Status changed from new to closed

layer7 has been removed, see r45423

Add Comment

Modify Ticket

Action
as closed .
The resolution will be deleted. Next status will be 'reopened'.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.